CVE-2023-30647: 
NixOS vulnerability analysis and mitigation

A heap out-of-bounds write vulnerability was discovered in the IpcRxUsimPhoneBookCapa component of RILD (Radio Interface Layer Daemon) affecting Samsung mobile devices. The vulnerability was identified and tracked as CVE-2023-30647, with disclosure on July 5, 2023. This security flaw affects devices running Android versions 11, 12, 13, and 14 prior to the Samsung Mobile Security SMR Jul-2023 Release 1 (Samsung Advisory).

The vulnerability is classified as a heap out-of-bounds write issue (CWE-787) in the IpcRxUsimPhoneBookCapa component of RILD. The severity is rated as HIGH with a CVSS v3.1 base score of 7.8, and vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates local access is required, with low attack complexity, low privileges needed, no user interaction, and high impacts on confidentiality, integrity, and availability (NVD).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code on the affected device. The high CVSS score reflects the significant potential impact on system security, as successful exploitation could lead to complete compromise of the affected component (NVD).

Samsung addressed this vulnerability in the July 2023 Security Maintenance Release (SMR Jul-2023 Release 1). Users are strongly advised to update their devices to the latest available security patch level to protect against this vulnerability (Samsung Advisory).