CVE-2023-42568: 
NixOS vulnerability analysis and mitigation

An improper access control vulnerability was identified in SmartManagerCN prior to SMR Dec-2023 Release 1. The vulnerability, tracked as CVE-2023-42568, allows local attackers to access arbitrary files with system privilege. This vulnerability affects Android versions 12 and 13 (Samsung Mobile).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.4 (MEDIUM) by NIST with the following vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N. However, Samsung Mobile assessed it with a higher severity score of 7.3 (HIGH) with the vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L. The vulnerability requires local access but does not require user interaction (NVD).

The vulnerability allows local attackers to access arbitrary files with system privilege, potentially leading to unauthorized access to sensitive system data. The confidentiality impact is rated as High, indicating significant potential for unauthorized information disclosure (Samsung Mobile).

Samsung has addressed this vulnerability in the December 2023 Security Maintenance Release (SMR Dec-2023 Release 1). The patch adds proper access control to prevent unauthorized file access. Users are advised to update their devices to the latest security patch level (Samsung Mobile).

The vulnerability was discovered and reported by Chen Jiang of vivo kM1rr0rs secLab on August 6, 2023. Samsung acknowledged the researcher's contribution in their security bulletin (Samsung Mobile).