CVE-2023-35675: 
NixOS vulnerability analysis and mitigation

CVE-2023-35675 is a vulnerability discovered in Android's MediaResumeListener.kt component, specifically in the loadMediaResumptionControls function. The vulnerability was disclosed in September 2023 and affects Android versions 11.0, 12.0, 12.1, and 13.0. This security flaw allows unauthorized access to media files played by other users on the same device (NVD).

The vulnerability stems from a logic error in the code that handles media resumption controls. It has been assigned a CVSS v3.1 base score of 5.5 (Medium), with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability requires local access but has low attack complexity and requires no user interaction for exploitation (NVD).

The vulnerability can lead to local information disclosure, potentially allowing an attacker to play and listen to media files that were played by other users on the same device. The impact is primarily focused on confidentiality, with no direct impact on integrity or availability of the system (NVD).

Google has addressed this vulnerability in the September 2023 security patch. Samsung has also included this fix in their September 2023 security update rollout for Galaxy devices. Users are advised to update their devices to the latest security patch level to protect against this vulnerability (Samsung Security).

The vulnerability was included in Samsung's September 2023 security patch update, which addressed a total of 62 vulnerabilities. The S series devices were the first to receive these security updates, with other premium devices scheduled to receive the patches subsequently (Samsung Security).