CVE-2023-30643: 
NixOS vulnerability analysis and mitigation

Missing authentication vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to delete arbitrary non-preloaded applications. The vulnerability was assigned CVE-2023-30643 and was discovered in April 2023, affecting Samsung Android devices running versions 11, 12, 13, and 14 (Samsung Advisory).

The vulnerability is classified as CWE-306 (Missing Authentication for Critical Function) with a CVSS v3.1 base score of 7.1 (High) according to NVD, and 7.7 (High) according to Samsung Mobile. The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H, indicating local access, low attack complexity, low privileges required, no user interaction, and high impact on integrity and availability (NVD).

The vulnerability allows local attackers to delete arbitrary non-preloaded applications on affected devices, potentially causing significant disruption to device functionality and user data. The impact is rated as high for both integrity and availability, though there is no direct impact on confidentiality (NVD).

Samsung has addressed this vulnerability in the July 2023 Security Maintenance Release (SMR Jul-2023 Release 1). Users should update their devices to the latest available security patch to protect against this vulnerability (Samsung Advisory).