CVE-2024-34612: 
NixOS vulnerability analysis and mitigation

Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code (NVD, CVE). The vulnerability was discovered and reported on August 6, 2024, affecting Samsung Android devices running versions 12.0, 13.0, and 14.0.

The vulnerability is classified as CWE-787 (Out-of-bounds Write) with a CVSS v3.1 base score of 7.8 (HIGH) according to NIST's assessment (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Samsung Mobile's own assessment rated it with a CVSS score of 7.3 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L (NVD).

The vulnerability allows local attackers to execute arbitrary code with elevated privileges, potentially compromising the security of the affected device. The high severity ratings from both NIST and Samsung indicate significant potential impact on system confidentiality, integrity, and availability (NVD).

The vulnerability has been patched in the SMR Aug-2024 Release 1. Users of affected Samsung devices should update their systems to this release or later to mitigate the vulnerability (Samsung Advisory).