CVE-2021-39754: 
NixOS vulnerability analysis and mitigation

In ContextImpl, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This vulnerability, identified as CVE-2021-39754, affects Android 12L systems. The vulnerability was discovered and reported through the Android security program (Android Bulletin).

The vulnerability exists in the Android system's ContextImpl component and is classified as an information disclosure vulnerability. It has been assigned a CVSS v3.1 Base Score of 5.5 MEDIUM (Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). The vulnerability allows local information disclosure without requiring additional execution privileges or user interaction (NVD).

The vulnerability could lead to local information disclosure, allowing an attacker to determine whether specific apps are installed on the device without having the necessary query permissions. This bypasses Android's permission system and potentially compromises user privacy (NVD).

The vulnerability has been addressed in Android 12L security updates. Users should ensure their devices are updated with the latest security patches provided by Google (Android Bulletin).