CVE-2021-39766: 
NixOS vulnerability analysis and mitigation

In Settings on Android 12L, there exists a vulnerability (CVE-2021-39766) where it's possible to determine whether an app is installed without having query permissions. This vulnerability was discovered through side channel information disclosure and affects the Android operating system. The issue was disclosed in the Android Security Bulletin (Android Bulletin).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified under CWE-203 (Observable Discrepancy). The issue exists in the Settings component where side channel information disclosure allows determining the installation status of applications without proper query permissions (NVD).

This vulnerability could lead to local information disclosure without requiring additional execution privileges. The impact is primarily focused on confidentiality, with no direct impact on integrity or availability. An attacker could potentially use this vulnerability to determine which applications are installed on a device, bypassing the normal permission requirements (NVD).

The vulnerability has been addressed in the Android 12L security update. Users are recommended to update their devices to the latest available security patch level to mitigate this vulnerability (Android Bulletin).