CVE-2023-30646: 
NixOS vulnerability analysis and mitigation

A heap out-of-bounds write vulnerability was discovered in BroadcastSmsConfig of RILD (Radio Interface Layer Daemon) affecting Samsung mobile devices prior to SMR Jul-2023 Release 1. The vulnerability was assigned CVE-2023-30646 and was disclosed in July 2023. This security flaw affects Samsung devices running Android versions 11, 12, 13, and 14 (Samsung Mobile).

The vulnerability is classified as CWE-787 (Out-of-bounds Write) and received a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction, while potentially impacting confidentiality, integrity, and availability at high levels (NVD).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code on affected devices. The high CVSS score reflects the severe potential impact on system security, as successful exploitation could lead to complete compromise of the affected component (NVD).

Samsung has addressed this vulnerability in the July 2023 Security Maintenance Release (SMR Jul-2023 Release 1). Users are strongly advised to update their devices to the latest available security patch level to protect against this vulnerability (Samsung Mobile).