CVE-2023-42561: 
NixOS vulnerability analysis and mitigation

CVE-2023-42561 is a heap out-of-bounds write vulnerability discovered in Samsung bootloader affecting selected Android 11, 12, 13, and 14 Qualcomm devices. The vulnerability was reported on August 9, 2023, and was patched in the Samsung Mobile Security Maintenance Release (SMR) December 2023 Release 1 (Samsung Advisory).

The vulnerability is classified as a heap out-of-bounds write issue in the bootloader component. It has received a CVSS v3.1 Base Score of 6.8 MEDIUM from NIST (Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and a score of 7.1 HIGH from Samsung Mobile (Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). The vulnerability is tracked under CWE-787 (Out-of-bounds Write) (NVD).

If exploited, this vulnerability allows a physical attacker to execute arbitrary code on affected devices, potentially compromising the system's confidentiality, integrity, and availability (Samsung Advisory).

Samsung has addressed this vulnerability by adding proper boundary check logic in the SMR Dec-2023 Release 1. Users of affected devices should update their systems to this release to receive the security patch (Samsung Advisory).

The vulnerability was discovered and reported by HBh25Y from Codesafe Team of Legendsec at Qianxin Group (Samsung Advisory).