CVE-2021-1008: 
NixOS vulnerability analysis and mitigation

A vulnerability identified as CVE-2021-1008 was discovered in Android 12's SubscriptionController.java component, specifically in the addSubInfo function. The vulnerability was disclosed in December 2021 and affects Android operating system version 12.0. This security issue was documented with Android ID A-197327688 (NVD).

The vulnerability stems from a logic error in the addSubInfo function of SubscriptionController.java. It received a CVSS v3.1 base score of 4.4 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. Under CVSS v2.0, it was rated with a base score of 2.1 (LOW) with the vector string (AV:L/AC:L/Au:N/C:N/I:N/A:P) (NVD).

The vulnerability can force users to perform a factory reset on their Android devices, resulting in a local denial of service condition. The impact is limited to availability, with no direct effect on confidentiality or integrity of the system (NVD).

Google addressed this vulnerability in the Android Security Bulletin for Pixel devices in December 2021. Users should ensure their Android devices are updated with the latest security patches (Vendor Advisory).