CVE-2023-30662: 
NixOS vulnerability analysis and mitigation

A sensitive information exposure vulnerability was identified in the getChipIds function within UwbAospAdapterService prior to SMR Jul-2023 Release 1. This vulnerability allows local attackers to access the UWB chipset Identifier. The vulnerability was assigned CVE-2023-30662 and was reported by Zinuo Han of OPPO Amber Security Lab (Samsung Mobile).

The vulnerability has been assessed with a CVSS v3.1 Base Score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction. The impact is limited to confidentiality, with no impact on integrity or availability (NVD).

The vulnerability allows local attackers to access sensitive information specifically related to the UWB (Ultra-Wideband) chipset identifier. This exposure of device-specific information could potentially be used for device fingerprinting or tracking (Samsung Mobile).

Samsung has addressed this vulnerability in the SMR Jul-2023 Release 1 security update. Users are advised to update their devices to the latest security patch level to protect against this vulnerability (Samsung Mobile).