CVE-2025-20937: 
NixOS vulnerability analysis and mitigation

Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 affects Samsung devices running Android versions 13, 14, and 15. The vulnerability, identified as CVE-2025-20937, was discovered by DARKNAVY and reported on September 19, 2024. This security issue allows local privileged attackers to write out-of-bounds memory (Samsung Mobile, NVD).

The vulnerability is classified as a high-severity issue with a CVSS v3.1 base score of 6.7 (MEDIUM) and vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The vulnerability is categorized under CWE-787 (Out-of-bounds Write) and specifically affects the Keymaster trustlet component, which is responsible for handling cryptographic operations (NVD, Wiz).

The vulnerability allows local privileged attackers to write to out-of-bounds memory locations. This could potentially lead to memory corruption, system crashes, or privilege escalation. The high confidentiality, integrity, and availability impact ratings suggest that successful exploitation could result in significant system compromise (Samsung Mobile).

Samsung has addressed this vulnerability in the May 2025 Security Maintenance Release (SMR). The patch adds proper input validation to prevent out-of-bounds memory writes. Users are advised to update their devices to the latest security patch level to protect against this vulnerability (Samsung Mobile).