CVE-2023-30706: 
NixOS vulnerability analysis and mitigation

Improper authorization vulnerability in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attackers to read arbitrary files with system privilege (Samsung Mobile). The vulnerability is tracked as CVE-2023-30706 and was disclosed in September 2023. The issue affects Samsung devices running Android operating systems.

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 HIGH by Samsung Mobile, with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. However, NIST's NVD assessment differs with a CVSS score of 4.9 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). The vulnerability allows remote attackers to read arbitrary files with system privileges, indicating a serious security breach in the authorization mechanism (NVD).

The vulnerability allows attackers to read arbitrary files with system privilege, potentially exposing sensitive system and user data. The high confidentiality impact (C:H) in the CVSS score indicates that the vulnerability could lead to total information disclosure, with all system files being potentially accessible to the attacker (Samsung Mobile).

Samsung has addressed this vulnerability in the September 2023 Security Maintenance Release (SMR Sep-2023 Release 1). Users are advised to update their devices to the latest available security patch to protect against this vulnerability (Samsung Mobile).