CVE-2021-0997: 
NixOS vulnerability analysis and mitigation

In handleUpdateNetworkState of GnssNetworkConnectivityHandler.java, there is a possible APN disclosure vulnerability affecting Android 12. The vulnerability was discovered and disclosed in December 2021, identified as CVE-2021-0997. This security issue involves log information disclosure that could potentially expose sensitive APN (Access Point Name) data (Android Bulletin).

The vulnerability has been assigned a CVSS 3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The issue is classified under CWE-532 (Insertion of Sensitive Information into Log File). The vulnerability requires local access and low complexity to exploit, with no user interaction needed. While it has high confidentiality impact, it does not affect integrity or availability (NVD).

The vulnerability could lead to local information disclosure of APN (Access Point Name) data through log information exposure. This exposure occurs without requiring additional execution privileges, potentially compromising sensitive network configuration details (NVD).

The vulnerability was addressed in the Android Security Bulletin for December 2021. Users should update their Android 12 devices to the latest security patch level to mitigate this vulnerability (Android Bulletin).