CVE-2024-34585: 
NixOS vulnerability analysis and mitigation

Improper access control in launchApp of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. The vulnerability is tracked as CVE-2024-34585 and was discovered in July 2024. It affects Samsung Android devices running Android versions 12, 13, and 14 (Samsung Advisory).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction. The scope is unchanged, but the potential impact on confidentiality, integrity, and availability is high (NVD).

If exploited, this vulnerability allows local attackers to launch privileged activities, potentially leading to unauthorized access to system functions and elevated privileges. The high CVSS scores for confidentiality, integrity, and availability (all rated as High) indicate that successful exploitation could result in significant system compromise (NVD).

Samsung has addressed this vulnerability in the SMR Jul-2024 Release 1 security update. Users are strongly advised to update their devices to this version or later to protect against potential exploitation (Samsung Advisory).