CVE-2025-31711: 
NixOS vulnerability analysis and mitigation

A null pointer dereference vulnerability was discovered in the cplog service affecting various Unisoc chipsets and Android versions. The vulnerability, identified as CVE-2025-31711, was disclosed on June 3, 2025, and could potentially lead to local denial of service attacks. The affected systems include Android versions 13.0, 14.0, and 15.0, as well as multiple Unisoc chipsets including SC9863A, SC9832E, SC7731E, T610, T310, and T606 (NVD).

The vulnerability is characterized by a null pointer dereference in the cplog service. It has been assigned a CVSS v3.1 base score of 6.2 (Medium) by NIST with a vector string of CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating local attack vector, low attack complexity, no privileges required, and no user interaction needed. The vulnerability has been classified under CWE-476 (NULL Pointer Dereference) (NVD).

The vulnerability can result in a system crash through a null pointer dereference, leading to a local denial of service condition. No additional execution privileges are required to exploit this vulnerability, making it particularly concerning for system stability (NVD).