CVE-2021-39751: 
NixOS vulnerability analysis and mitigation

In Android 12L, a vulnerability was discovered in the Settings component that allows unauthorized access to Bluetooth device names due to a missing permission check. This vulnerability, tracked as CVE-2021-39751, was disclosed and documented in the Android security bulletin. The vulnerability affects Android 12L systems and requires no user interaction for exploitation (Android Bulletin).

The vulnerability stems from a missing permission check in the Settings component of Android 12L. It has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified under CWE-862 (Missing Authorization) and allows local access to Bluetooth device names without proper authorization (NVD).

The vulnerability allows unauthorized access to Bluetooth device names, potentially leading to local information disclosure. The impact is limited to reading Bluetooth device names, but does not require additional execution privileges or user interaction for exploitation (NVD).

The vulnerability has been addressed in the Android 12L security update. Users should ensure their devices are updated to the latest available security patch level that includes fixes for this vulnerability (Android Bulletin).