CVE-2021-39775: 
NixOS vulnerability analysis and mitigation

In People, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This vulnerability (CVE-2021-39775) affects Android 12L operating system. The vulnerability was disclosed in March 2022 (Android Bulletin).

The vulnerability is classified as an information disclosure vulnerability that allows local attackers to determine if specific apps are installed on the device without having the necessary query permissions. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (NVD).

This vulnerability could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. The vulnerability allows attackers to bypass Android's permission system to detect installed applications, potentially compromising user privacy (NVD).

The vulnerability has been addressed in Android 12L security updates. Users should ensure their devices are updated with the latest security patches to mitigate this vulnerability (Android Bulletin).