CVE-2024-20897: 
NixOS vulnerability analysis and mitigation

Use of implicit intent for sensitive communication in FCM function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. This vulnerability, identified as CVE-2024-20897, affects Samsung mobile devices running Android versions 12, 13, and 14 (Samsung Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) by NIST with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. Samsung Mobile assigned a lower CVSS score of 4.0 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The vulnerability stems from the improper implementation of implicit intents in the FCM (Firebase Cloud Messaging) function within the IMS service (NVD).

The vulnerability allows local attackers to access sensitive information. The confidentiality impact is rated as High by NIST's assessment, while there are no direct impacts on integrity or availability of the system (NVD).

Samsung has addressed this vulnerability in the SMR Jul-2024 Release 1 security update. Users are advised to update their devices to this version or later to mitigate the risk (Samsung Advisory).