CVE-2021-39744: 
NixOS vulnerability analysis and mitigation

CVE-2021-39744 is a vulnerability discovered in Android's DevicePolicyManager component. The vulnerability allows an attacker to determine whether an app is installed without having query permissions, due to side channel information disclosure. This vulnerability affects Android 12L and was disclosed in the Android Security Bulletin (Android Bulletin).

The vulnerability exists in DevicePolicyManager where a side channel information disclosure allows unauthorized access to app installation status. It has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating local access is required, low attack complexity, and high confidentiality impact (NVD).

This vulnerability could lead to local information disclosure with no additional execution privileges needed. The attacker can determine the installation status of applications without having the proper query permissions, potentially compromising user privacy (NVD).

The vulnerability has been patched in Android 12L. Users should update their devices to the latest available version that includes this security fix (Android Bulletin).