CVE-2022-20329: 
NixOS vulnerability analysis and mitigation

In Android 13, there exists a vulnerability in the WiFi component that allows enabling WiFi without proper permissions due to a missing permission check (CVE-2022-20329). This vulnerability was disclosed in the Android Security Bulletin and affects Android version 13 (Android Security Bulletin).

The vulnerability is classified as a missing authorization issue (CWE-862) that could lead to local escalation of privilege. The vulnerability has received a CVSS v3.1 Base Score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates local access is required, low attack complexity, low privileges needed, no user interaction required, and high impact on confidentiality, integrity, and availability (NVD).

The vulnerability allows an attacker to enable WiFi without proper permissions, leading to local escalation of privilege. No additional execution privileges are needed for exploitation, and user interaction is not required. This could potentially allow unauthorized control over the device's WiFi functionality (NVD).

The vulnerability has been addressed in Android 13. Users should ensure their devices are updated to the latest available security patch level that includes fixes for this vulnerability (Android Security Bulletin).