CVE-2022-20125: 
NixOS vulnerability analysis and mitigation

A vulnerability in Google's GBoard keyboard application (CVE-2022-20125) was discovered that allows bypassing factory reset protections through a sandbox escape mechanism. The vulnerability affects Android versions 10, 11, 12, and 12L. This security issue was disclosed in June 2022 and assigned Android ID A-194402515 (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 6.8 (Medium), with the vector string CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Under CVSS v2.0, it received a base score of 7.2 (High) with vector (AV:L/AC:L/Au:N/C:C/I:C/A:C). The vulnerability requires physical access to the device but needs no additional execution privileges or user interaction for exploitation (NVD).

If successfully exploited, this vulnerability could lead to local escalation of privilege when an attacker has physical access to the device. The high impact scores across confidentiality, integrity, and availability indicate that successful exploitation could result in complete compromise of the affected system's security (NVD).

Google has addressed this vulnerability in the Android Security Bulletin for June 2022. Users should ensure their devices are updated with the security patch level dated June 1, 2022, or later (Android Security Bulletin).