CVE-2024-34674: 
NixOS vulnerability analysis and mitigation

CVE-2024-34674 is a security vulnerability discovered in Samsung's Contacts application prior to SMR Nov-2024 Release 1. The vulnerability was reported on May 30, 2024, and involves improper access control that allows physical attackers to access data across multiple user profiles (Samsung Mobile).

The vulnerability has been assigned a CVSS v3.1 base score of 4.6 (MEDIUM) with the following vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires physical access (AV:P), has low attack complexity (AC:L), requires no privileges (PR:N), needs no user interaction (UI:N), has unchanged scope (S:U), can result in high confidentiality impact (C:H), but has no impact on integrity (I:N) or availability (A:N) (NVD).

The vulnerability allows physical attackers to access data across multiple user profiles in the Contacts application. This represents a significant privacy concern as it could lead to unauthorized access to sensitive contact information stored across different user profiles on the affected device (Samsung Mobile).

Samsung has addressed this vulnerability by adding proper access control in the SMR Nov-2024 Release 1 security update. Users of affected devices should update their systems to this version or later to mitigate the risk (Samsung Mobile).