CVE-2023-30640: 
NixOS vulnerability analysis and mitigation

Improper access control vulnerability in PersonaManagerService was discovered in Samsung mobile devices prior to SMR Jul-2023 Release 1. The vulnerability, tracked as CVE-2023-30640, allows local attackers to change configuration. The issue was reported on April 14, 2023, and affects Android versions 11, 12, 13, and 14 (Samsung Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 3.3 (LOW) by NIST with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. However, Samsung Mobile's assessment rated it as MEDIUM severity with a CVSS score of 4.3 and vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N (NVD).

The vulnerability allows local attackers to modify configuration settings in the PersonaManagerService. This could potentially lead to unauthorized changes to system configurations, though the impact is limited as indicated by the low-to-medium severity ratings (NVD).

Samsung addressed this vulnerability in the SMR Jul-2023 Release 1 security update. Users are advised to update their devices to this version or later to protect against this vulnerability (Samsung Advisory).