CVE-2023-30665: 
NixOS vulnerability analysis and mitigation

CVE-2023-30665 is an improper input validation vulnerability discovered in OnOemServiceMode in libsec-ril component. The vulnerability was identified on April 14, 2023, and affects Samsung Android devices prior to SMR Jul-2023 Release 1. This security flaw allows local attackers to cause an Out-Of-Bounds read (CVE Details, NVD).

The vulnerability is classified with a CVSS v3.1 Base Score of 4.4 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L. It is categorized under CWE-125 (Out-of-bounds Read). The vulnerability affects multiple versions of Samsung Android operating systems, including Android 11.0, 12.0, and 13.0 across various security maintenance releases (NVD).

When exploited, this vulnerability can lead to an Out-Of-Bounds read condition, potentially allowing attackers to access unauthorized memory locations. This could result in information disclosure and limited system impact (NVD).

Samsung has addressed this vulnerability in the SMR Jul-2023 Release 1. Users are advised to update their devices to the latest security patch level to mitigate this vulnerability (Samsung Mobile).