CVE-2022-20351: 
NixOS vulnerability analysis and mitigation

CVE-2022-20351 is a SQL injection vulnerability discovered in the queryInternal function of CallLogProvider.java in Android. The vulnerability affects Android versions 10, 11, 12, and 12L, and was disclosed in the October 2022 Android Security Bulletin (Android Bulletin). The vulnerability could allow local attackers to access voicemail information without requiring additional execution privileges or user interaction (NVD).

The vulnerability is classified as an SQL injection vulnerability (CWE-89) that exists in the queryInternal function of CallLogProvider.java. It has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating local access, low attack complexity, low privileges required, no user interaction needed, and high confidentiality impact (NVD).

The vulnerability can lead to local information disclosure, specifically allowing unauthorized access to voicemail information. The impact is primarily focused on confidentiality, with no direct impact on system integrity or availability (NVD).

Google addressed this vulnerability in the October 2022 Android Security Bulletin. Users should update their Android devices to the latest security patch level to mitigate this vulnerability (Android Bulletin).