CVE-2023-30864: 
NixOS vulnerability analysis and mitigation

In Connectivity Service, there is a possible missing permission check that could lead to local escalation of privilege with no additional execution privileges. This vulnerability, identified as CVE-2023-30864, was discovered in 2023 and affects various Unisoc hardware platforms including S8000, SC7731E, SC9832E, SC9863A, T310, T606, T610, T612, T616, and Android 10.0 operating systems (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The weakness is categorized as CWE-862 (Missing Authorization). The vulnerability requires local access with low attack complexity and low privileges, but no user interaction is needed (NVD).

If exploited, this vulnerability could allow a local attacker to escalate privileges on the affected system, potentially gaining unauthorized access to sensitive information and system resources. The high CVSS score indicates significant potential impact on confidentiality, integrity, and availability of the system (NVD).

Unisoc has acknowledged the vulnerability and provided information about it in their security advisory. Users and administrators of affected systems should apply any available security updates from Unisoc to address this vulnerability (Vendor Advisory).