CVE-2024-20814: 
NixOS vulnerability analysis and mitigation

Out-of-bounds Read vulnerability (CVE-2024-20814) was discovered in padmd_vld_ac_prog_refine of libpadm.so affecting Samsung mobile devices prior to SMR Feb-2024 Release 1. The vulnerability was reported and disclosed privately, with Samsung releasing patches as part of their February 2024 Security Maintenance Release (Samsung Advisory).

The vulnerability is classified as an Out-of-bounds Read issue in the padmd_vld_ac_prog_refine function of libpadm.so library. It has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N by NIST NVD, while Samsung Mobile assigned it a score of 4.0 (MEDIUM) with vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The vulnerability is categorized under CWE-125 (Out-of-bounds Read) (NVD).

When exploited, this vulnerability allows local attackers to access unauthorized information through an out-of-bounds read condition in the affected component (Samsung Advisory).

Samsung has addressed this vulnerability in their February 2024 Security Maintenance Release (SMR Feb-2024 Release 1). Users should update their devices to the latest available security patch to mitigate this vulnerability (Samsung Advisory).