CVE-2023-30670: 
NixOS vulnerability analysis and mitigation

CVE-2023-30670 is an out-of-bounds write vulnerability discovered in the BuildIpcFactoryDeviceTestEvent component of libsec-ril library in Samsung mobile devices. The vulnerability was identified on April 14, 2023, and affects Samsung Android devices running versions 11.0 through 14.0 prior to the SMR Jul-2023 Release 1 (NVD, CVE).

The vulnerability is classified as CWE-787 (Out-of-bounds Write) with a CVSS v3.1 base score of 7.8 (High) according to NIST, while Samsung Mobile assessed it with a score of 6.7 (Medium). The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction (NVD).

If exploited, this vulnerability allows a local attacker to execute arbitrary code on the affected device, potentially leading to complete system compromise with high impacts on confidentiality, integrity, and availability (NVD).

Samsung has addressed this vulnerability in the Security Maintenance Release (SMR) Jul-2023 Release 1. Users are advised to update their devices to the latest available security patch level to mitigate this vulnerability (Samsung Mobile).