CVE-2022-20275: 
NixOS vulnerability analysis and mitigation

In DevicePolicyManager of Android 13, there exists a vulnerability (CVE-2022-20275) that allows determining whether an app is installed without query permissions, due to side channel information disclosure. The vulnerability was discovered and disclosed in August 2022, affecting Android version 13 systems (Android Bulletin).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified under CWE-203 (Observable Discrepancy). The issue stems from a side channel information disclosure in the DevicePolicyManager component, identified by Android ID: A-205836975 (NVD).

A successful exploitation of this vulnerability could lead to local information disclosure without requiring additional execution privileges. The attacker could potentially determine whether specific apps are installed on the device, bypassing normal permission requirements (NVD).

Google has addressed this vulnerability in Android 13. Users should ensure their devices are updated with the latest security patches provided through the Android security bulletin (Android Bulletin).