CVE-2022-20242: 
NixOS vulnerability analysis and mitigation

A vulnerability in Android's Telephony component (CVE-2022-20242) was identified that allows determining whether an app is installed without proper query permissions. The vulnerability affects Android 13 and was disclosed through the Android Security Bulletin. This security flaw stems from side channel information disclosure, potentially compromising user privacy (Android Bulletin).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified under CWE-203 (Observable Discrepancy). It requires local access with low attack complexity and privileged access, but no user interaction is needed for exploitation (NVD).

The vulnerability allows unauthorized access to information about installed applications on the device. This could lead to local information disclosure without requiring additional execution privileges, potentially compromising user privacy and application installation details (NVD).

The vulnerability affects Android 13.0.0 and has been addressed by Google through their security bulletin. Users should ensure their devices are updated with the latest security patches provided through the Android Security Bulletin (Android Bulletin).