CVE-2022-47475: 
NixOS vulnerability analysis and mitigation

CVE-2022-47475 is a security vulnerability in the telephony service that was discovered and reported by Unisoc. The vulnerability stems from a missing permission check in the telephony service, which could potentially lead to local information disclosure. The vulnerability affects Android versions 10.0 and 11.0, as well as various Unisoc hardware platforms including S8000, SC7731E, SC9832E, SC9863A, T310, T606, T610, and others (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction. The scope is unchanged, with high confidentiality impact but no impact on integrity or availability. The vulnerability is classified under CWE-862 (Missing Authorization) (NVD).

The vulnerability allows an attacker with local access to potentially obtain unauthorized information disclosure. No additional execution privileges are required to exploit this vulnerability, making it a significant concern for device security (NVD).

The vulnerability has been addressed through security updates. Users of affected devices should ensure they have applied the latest security patches provided by their device manufacturers (Unisoc Advisory).