CVE-2020-0084: 
NixOS vulnerability analysis and mitigation

CVE-2020-0084 is a security vulnerability affecting Android 10 that was disclosed in March 2020. The vulnerability exists in several functions of NotificationManagerService.java where missing permission checks could allow local escalation of privilege by creating fake system notifications. This vulnerability requires no additional execution privileges or user interaction for exploitation (Android Bulletin).

The vulnerability is classified as a Missing Authorization issue (CWE-862) with a CVSS v3.1 base score of 7.8 (HIGH), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability stems from missing permission checks in NotificationManagerService.java, which could be exploited locally (NVD).

If exploited, this vulnerability allows a local attacker to achieve privilege escalation by creating fake system notifications. The high CVSS score indicates that successful exploitation could lead to complete compromise of confidentiality, integrity, and availability of the affected system (NVD).

The vulnerability was addressed in the Android security bulletin for March 2020. Users should ensure their Android devices are updated to the latest available security patch level that includes fixes for this vulnerability (Android Bulletin).