CVE-2021-0956: 
NixOS vulnerability analysis and mitigation

CVE-2021-0956 is a critical vulnerability discovered in Android's NfcTag component, specifically in the discoverTechnologies function of NfcTag.cpp. The vulnerability was disclosed in December 2021 and affects Android versions 11 and 12. This security flaw involves a possible out-of-bounds write operation due to an incorrect bounds check (Android Bulletin).

The vulnerability exists in the NfcTag::discoverTechnologies (activation) function within NfcTag.cpp. It is characterized by an out-of-bounds write vulnerability (CWE-787) resulting from an improper bounds check implementation. The severity of this vulnerability is rated as CRITICAL with a CVSS v3.1 base score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) (NVD).

The vulnerability can lead to remote escalation of privilege with no additional system execution privileges needed. The high CVSS score indicates that successful exploitation could result in complete compromise of system confidentiality, integrity, and availability. Notably, no user interaction is required for exploitation (Android Bulletin).

Google has addressed this vulnerability in the Android Security Bulletin of December 2021. Users of affected Android versions (11 and 12) should update their devices to the latest security patch level to mitigate this vulnerability (Android Bulletin).