CVE-2022-20142: 
NixOS vulnerability analysis and mitigation

A vulnerability in Android's GeofenceHardwareRequestParcelable.java component was identified and tracked as CVE-2022-20142. The vulnerability affects multiple Android versions including Android 10, 11, 12, and 12L. This security issue was disclosed in the June 2022 Android Security Bulletin and was assigned Android ID A-216631962 (Android Bulletin).

The vulnerability exists in the createFromParcel function of GeofenceHardwareRequestParcelable.java, which could lead to arbitrary code execution due to a parcel mismatch. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, low privileges required, no user interaction needed, and high impact on confidentiality, integrity, and availability (NVD).

If exploited, this vulnerability could lead to local escalation of privilege on affected Android devices. The high CVSS score indicates severe potential impacts on system confidentiality, integrity, and availability. No additional execution privileges are needed for exploitation (NVD).

The vulnerability was addressed in the June 2022 Android Security Bulletin. Users of affected Android versions (10, 11, 12, and 12L) should ensure their devices are updated with the latest security patches (Android Bulletin).