CVE-2023-42564: 
NixOS vulnerability analysis and mitigation

CVE-2023-42564 is a security vulnerability discovered in Samsung's knoxcustom service that affects Android versions 11 through 14. The vulnerability was reported on September 21, 2023, and was addressed in the Samsung Mobile Security Maintenance Release (SMR) December 2023 Release 1. This vulnerability is characterized by improper access control mechanisms that could allow an attacker to send broadcasts with system privileges (Samsung Advisory).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) by NIST with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N. Samsung Mobile's assessment differs slightly, rating it at 6.6 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H. The vulnerability requires local access and low privileges to exploit, with the main impact being on system integrity (NVD).

The vulnerability allows an attacker to send broadcasts with system privileges, which could potentially lead to unauthorized system-level operations. The CVSS scoring indicates high impact on integrity and potentially availability, though no direct impact on confidentiality has been identified (Samsung Advisory).

Samsung has addressed this vulnerability in the December 2023 Security Maintenance Release 1 by adding proper permission check logic. Users are advised to update their devices to the latest security patch level to protect against this vulnerability (Samsung Advisory).