CVE-2024-20806: 
NixOS vulnerability analysis and mitigation

Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data. The vulnerability is tracked as CVE-2024-20806 and was discovered in Samsung mobile devices. The issue affects Android versions 12, 13, and 14. The vulnerability was assigned a CVSS v3.1 base score of 5.5 (Medium) by NIST and 6.2 (Medium) by Samsung Mobile (Samsung Advisory).

The vulnerability has been assigned CVSS v3.1 vectors of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N by NIST and CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N by Samsung Mobile. This indicates it requires local access to exploit, has low attack complexity, and primarily impacts confidentiality through unauthorized access to notification data. The vulnerability does not impact integrity or availability of the system (NVD Database).

If exploited, this vulnerability allows local attackers to access notification data, potentially exposing sensitive information contained in notifications. The high confidentiality impact rating suggests that the attacker could gain access to substantial notification content (Samsung Advisory).

Samsung has addressed this vulnerability in the SMR Jan-2024 Release 1 security update. Users should update their devices to this version or later to protect against this vulnerability (Samsung Advisory).