CVE-2021-39627: 
NixOS vulnerability analysis and mitigation

CVE-2021-39627 is a security vulnerability discovered in the LegacyModeSmsHandler.java component of Android operating systems. The vulnerability was identified in the sendLegacyVoicemailNotification function, where an unsafe PendingIntent could lead to a permissions bypass. This vulnerability affects multiple versions of Android including Android 9, 10, 11, and 12. The issue was disclosed in the January 2022 Android Security Bulletin (Android Bulletin).

The vulnerability is classified as an Incorrect Permission Assignment for Critical Resource (CWE-732). It received a CVSS v3.1 base score of 7.8 (HIGH), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability exists in the sendLegacyVoicemailNotification function of LegacyModeSmsHandler.java, where improper handling of PendingIntent could allow for privilege escalation (NVD).

Successful exploitation of this vulnerability could lead to local escalation of privilege with User execution privileges. The high CVSS score indicates that the vulnerability could result in complete compromise of confidentiality, integrity, and availability of the affected system within the scope of the vulnerable component (NVD).

The vulnerability was addressed in the January 2022 Android Security Bulletin. Users are advised to update their Android devices to the latest available security patch level to mitigate this vulnerability (Android Bulletin).