CVE-2025-20887: 
NixOS vulnerability analysis and mitigation

CVE-2025-20887 is an out-of-bounds read vulnerability discovered in Samsung's libsthmbc.so library. The vulnerability was disclosed on February 4, 2025, and affects Samsung Android devices running versions 12, 13, and 14. The issue exists in the table access mechanism used for svp8t functionality and requires user interaction to be triggered (Samsung Advisory).

The vulnerability is classified as a CWE-125 (Out-of-bounds Read) type issue. It received a CVSS v3.1 base score of 5.5 (MEDIUM) from NIST with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, while Samsung Mobile assessed it with a slightly lower score of 5.3 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L (NVD).

When exploited, the vulnerability allows local attackers to read arbitrary memory on affected devices. The impact is limited to information disclosure, with no direct impact on system integrity or availability (Samsung Advisory).

Samsung has addressed this vulnerability in their January 2025 Security Maintenance Release (SMR). The patch adds proper input validation to prevent out-of-bounds read operations. Users are advised to update their devices to SMR Jan-2025 Release 1 or later (Samsung Advisory).