CVE-2021-0508: 
NixOS vulnerability analysis and mitigation

CVE-2021-0508 is a vulnerability discovered in Android's DrmPlugin.cpp that affects multiple Android versions (8.1, 9, 10, and 11). The vulnerability was disclosed in the June 2021 Android Security Bulletin and is identified by Android ID A-176444154 (Android Bulletin).

The vulnerability is characterized by a possible use-after-free condition due to a race condition in various functions of DrmPlugin.cpp. The vulnerability has been assigned a CVSS v3.1 base score of 7.0 (HIGH) with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is associated with CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization) and CWE-416 (Use After Free) (NVD).

The vulnerability could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not required for exploitation, making it particularly concerning for device security (NVD).

Google has released patches for this vulnerability as part of the June 2021 Android Security Bulletin. Users should update their Android devices to the latest available security patch level to mitigate this vulnerability (Android Bulletin).