CVE-2021-0987: 
NixOS vulnerability analysis and mitigation

In Android 12, a vulnerability was identified in the getNeighboringCellInfo function of PhoneInterfaceManager.java that allows potential information disclosure about installed applications without requiring query permissions. This vulnerability (CVE-2021-0987) was disclosed in December 2021 and affects Android systems running version 12 (Android Bulletin).

The vulnerability exists in the getNeighboringCellInfo function within PhoneInterfaceManager.java and exploits side channel information disclosure to determine whether specific applications are installed on the device. The severity is rated as LOW with a CVSS 3.1 base score of 3.3 (Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). The vulnerability is classified under CWE-203 (Observable Discrepancy) (NVD).

The vulnerability allows local information disclosure about installed applications without requiring query permissions. While the impact is limited to information disclosure with no ability to modify or destroy data, it could potentially be used for targeted attacks or surveillance by determining which applications are installed on a device (NVD).

The vulnerability was addressed in the Android Security Bulletin for December 2021. Users should update their Android devices to the latest available security patch level to mitigate this vulnerability (Android Bulletin).