CVE-2023-30694: 
NixOS vulnerability analysis and mitigation

CVE-2023-30694 is an out-of-bounds write vulnerability discovered in the IpcTxPcscTransmitApdu component of libsec-ril library, affecting Samsung mobile devices prior to SMR Aug-2023 Release 1. The vulnerability was disclosed and assigned a CVSS v3.1 base score of 7.8 (HIGH) by NVD and 6.7 (MEDIUM) by Samsung Mobile (NVD).

The vulnerability is classified as CWE-787 (Out-of-bounds Write) and affects the IpcTxPcscTransmitApdu functionality in libsec-ril. The vulnerability allows local attackers with low privileges to execute arbitrary code. The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, low privileges required, no user interaction, and high impacts on confidentiality, integrity, and availability (NVD).

If exploited, this vulnerability allows local attackers to execute arbitrary code on affected devices, potentially leading to complete system compromise with high impacts on confidentiality, integrity, and availability of the system (NVD).

Samsung has addressed this vulnerability in the SMR Aug-2023 Release 1 security update. Users should update their devices to the latest available security patch level to mitigate this vulnerability (Samsung Mobile).