CVE-2021-39756: 
NixOS vulnerability analysis and mitigation

In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This vulnerability (CVE-2021-39756) affects Android 12L operating system. The vulnerability was discovered and reported by Google's Android security team (Android Bulletin).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified under CWE-203 (Observable Discrepancy). The issue exists in the Framework component and allows information disclosure without requiring additional execution privileges or user interaction (NVD).

This vulnerability could lead to local information disclosure with no additional execution privileges needed. An attacker could potentially determine whether specific applications are installed on the device without having the necessary query permissions, which violates Android's permission model (NVD).

The vulnerability has been addressed in Android 12L. Users should ensure their devices are updated to the latest available version that includes the security patch (Android Bulletin).