CVE-2024-20889: 
NixOS vulnerability analysis and mitigation

Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair with devices. The vulnerability was discovered and reported to Samsung Mobile, with a CVE identifier CVE-2024-20889 assigned. The vulnerability affects Samsung Android devices running versions 12.0 and later (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (MEDIUM) by NIST with vector string CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, while Samsung Mobile assessed it with a score of 5.9 (MEDIUM) and vector string CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H. The vulnerability is classified as CWE-287 (Improper Authentication) (NVD).

The vulnerability allows adjacent attackers to pair with affected devices without proper authentication. This could potentially lead to unauthorized access to device functions and data that should be protected by the Bluetooth pairing process (NVD).

Samsung has addressed this vulnerability in the SMR Jul-2024 Release 1 security update. Users of affected devices should update their firmware to this version or later to protect against this vulnerability (Samsung Advisory).