CVE-2021-39675: 
NixOS vulnerability analysis and mitigation

CVE-2021-39675 is a critical vulnerability discovered in Android 12's System component, specifically in the GKIgetbuf function of gkibuffer.cc. The vulnerability was disclosed in February 2022 as part of Android's monthly security updates. The flaw affects Android 12 devices and could lead to remote escalation of privilege without requiring any user interaction or additional execution privileges (NVD, SecurityWeek).

The vulnerability is caused by a possible out of bounds write due to a heap buffer overflow in the GKIgetbuf function of gkibuffer.cc. The issue is related to Android's wireless NFC code, where an additional check was needed to ensure a size parameter isn't too large. The vulnerability has received a CVSS v3.1 base score of 9.8 (CRITICAL) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD, Register).

The vulnerability could allow attackers to achieve remote escalation of privilege with no additional execution privileges needed and without requiring any user interaction. This level of access could potentially give attackers complete control over affected devices (BleepingComputer, SecurityWeek).

The vulnerability was patched in the February 2022 Android security updates. Google Pixel devices from '3a' up to '6 Pro' received the security update immediately. Other Android device manufacturers need to bundle the updates separately for each device model. Users are strongly advised to update their devices to the latest available security patch (BleepingComputer, Register).