CVE-2025-20883: 
NixOS vulnerability analysis and mitigation

Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles. The vulnerability, tracked as CVE-2025-20883, was discovered and reported on May 29, 2024, affecting Android versions 12, 13, and 14 (Samsung Security).

The vulnerability stems from improper access control mechanisms in the SoundPicker component, which could allow unauthorized access to data across different user profiles on affected devices. The issue was assigned a High severity rating, indicating its significant potential impact on system security (Samsung Security).

When exploited, this vulnerability enables physical attackers to bypass access controls and access data that should be restricted across multiple user profiles on the affected device. This breach of security boundaries could potentially expose sensitive information stored in different user profiles (Samsung Security).

The vulnerability was addressed in the Samsung Mobile Security Maintenance Release (SMR) Jan-2025 Release 1. The patch implements proper access control mechanisms to prevent unauthorized access across user profiles. Users of affected devices should update their systems to this release or later to protect against this vulnerability (Samsung Security).