CVE-2023-30641: 
NixOS vulnerability analysis and mitigation

CVE-2023-30641 is an improper access control vulnerability discovered in Samsung Settings prior to SMR Jul-2023 Release 1. The vulnerability allows a physical attacker using a restricted user profile to access device owner's Google account data. The vulnerability was disclosed and patched in July 2023 (Samsung Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (MEDIUM) with the following vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires physical access (AV:P), has low attack complexity (AC:L), requires no privileges (PR:N), needs user interaction (UI:R), has unchanged scope (S:U), and can result in high confidentiality impact (C:H) but no impact on integrity (I:N) or availability (A:N) (NVD).

The vulnerability's primary impact is on data confidentiality, as it allows unauthorized access to the device owner's Google account data through a restricted user profile. This could potentially expose sensitive user information stored in the Google account (Samsung Advisory).

Samsung has addressed this vulnerability in the SMR Jul-2023 Release 1 security update. Users should ensure their devices are updated to this version or later to protect against this vulnerability (Samsung Advisory).