CVE-2021-39772: 
NixOS vulnerability analysis and mitigation

In Bluetooth functionality of Android 12L, a vulnerability was discovered (CVE-2021-39772) that allows unauthorized access to the a2dp audio control switch due to a missing permission check. The vulnerability was disclosed and documented in the Android security bulletin, affecting Android 12L systems (Android Security Bulletin).

The vulnerability stems from a missing permission check in the Bluetooth implementation, specifically affecting the a2dp (Advanced Audio Distribution Profile) audio control switch. The issue has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating adjacent network access vector, low attack complexity, no privileges required, and no user interaction needed (NVD Database).

The vulnerability can lead to local escalation of privilege with no additional execution privileges needed. The high CVSS score indicates that successful exploitation could result in complete compromise of confidentiality, integrity, and availability of the affected system components (NVD Database).

The vulnerability has been addressed in the Android 12L security update. Users and system administrators are advised to apply the latest security patches provided in the Android 12L Security Bulletin to mitigate this vulnerability (Android Security Bulletin).