CVE-2023-30942: 
NixOS vulnerability analysis and mitigation

A missing permission check vulnerability was identified in telephony service, tracked as CVE-2023-30942. The vulnerability affects multiple Android versions (10.0, 11.0, 12.0, 13.0) and various Unisoc hardware platforms including S8000, SC7731E, SC9832E, SC9863A, and T310. This local vulnerability could lead to information disclosure without requiring additional execution privileges (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified as CWE-862 (Missing Authorization), indicating a fundamental authorization control issue in the telephony service component (NVD).

The vulnerability allows local attackers to access unauthorized information through the telephony service. While the vulnerability does not enable code execution or system manipulation, it poses a significant risk to data confidentiality (NVD).

The vulnerability has been addressed by Unisoc, though specific mitigation details are not publicly available. Users of affected devices should ensure they have applied the latest security updates from their device manufacturers (Unisoc Advisory).