CVE-2022-47476: 
NixOS vulnerability analysis and mitigation

In telephony service, there is a missing permission check vulnerability identified as CVE-2022-47476. The vulnerability was discovered in Android's telephony service and affects various UNISOC chipsets including S8000, SC7731E, SC9832E, SC9863A, T310, T606, and T610. This could lead to local information disclosure without requiring additional execution privileges (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified as CWE-862: Missing Authorization, indicating a fundamental issue with permission checks in the system (NVD).

The vulnerability allows local attackers to access sensitive information without proper authorization. The high confidentiality impact (C:H) in the CVSS score indicates that the vulnerability could lead to significant information disclosure, though it does not affect system integrity or availability (NVD).

UNISOC has released security updates to address this vulnerability. Users and administrators should ensure their devices are updated with the latest security patches (UNISOC Advisory).