CVE-2019-2089: 
NixOS vulnerability analysis and mitigation

In Android 10, a vulnerability (CVE-2019-2089) was identified in the app uninstallation process. The vulnerability could potentially result in a set of permissions not being properly removed from a shared app ID. This issue was discovered and reported through the Android security program (Android Bulletin).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-732 (Incorrect Permission Assignment for Critical Resource). The issue requires local access and user interaction for exploitation, but does not require additional execution privileges (NVD).

If successfully exploited, this vulnerability could lead to a local escalation of privilege. The retained permissions from the shared app ID could potentially allow unauthorized access to protected resources or functionality, compromising the security model of the Android system (NVD).

The vulnerability was addressed in Android 10's security updates. Users should ensure their devices are updated with the latest security patches provided by Google (Android Bulletin).