CVE-2024-20899: 
NixOS vulnerability analysis and mitigation

Use of implicit intent for sensitive communication in RCS function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. The vulnerability is tracked as CVE-2024-20899 and affects Samsung Android devices running versions 12.0 and later. The issue was discovered and reported to Samsung Mobile, with a disclosure date of July 2, 2024 (NVD CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) by NIST with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. Samsung Mobile's assessment differs slightly, rating it with a CVSS score of 4.0 (MEDIUM) and vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The vulnerability specifically relates to the improper implementation of implicit intents in the RCS (Rich Communication Services) function within the IMS (IP Multimedia Subsystem) service (NVD CVE).

The vulnerability allows local attackers to access sensitive information through the RCS function in the IMS service. The impact is primarily focused on confidentiality, with no direct impact on integrity or availability of the system (NVD CVE).

Samsung has addressed this vulnerability in the SMR Jul-2024 Release 1 security update. Users are advised to update their devices to this version or later to mitigate the risk (Samsung Mobile).