CVE-2024-20804: 
NixOS vulnerability analysis and mitigation

Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary files (Samsung Mobile, NVD). The vulnerability was discovered and disclosed in January 2024.

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N according to NVD's assessment. Samsung Mobile's assessment differs slightly with a CVSS score of 4.0 (MEDIUM) and vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. The vulnerability is classified as CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (NVD).

The vulnerability allows local attackers to write arbitrary files to the system, potentially compromising system integrity. The impact is primarily focused on file system integrity, with no direct impact on confidentiality or availability (NVD).

Samsung has released patches as part of the SMR Jan-2024 Release 1 update for affected devices. Users should update their devices to this version or later to mitigate the vulnerability. For Android 13 devices specifically, updating to version 14.5.00.21 or later will address the issue (Samsung Mobile).