CVE-2022-20361: 
NixOS vulnerability analysis and mitigation

CVE-2022-20361 is a vulnerability discovered in Android's Bluetooth implementation, specifically in the btifdmauthcmplevt function of btif_dm.cc. The vulnerability affects Android versions 10, 11, 12, and 12L, and was disclosed in the August 2022 Android Security Bulletin (Android Bulletin). The issue stems from a weakness in the Cross-Transport Key Derivation within the Bluetooth Standard.

The vulnerability exists in the btifdmauthcmplevt function of btif_dm.cc component and is related to Cross-Transport Key Derivation implementation. It has been assigned a CVSS v3.1 base score of 9.8 CRITICAL with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating the highest severity level (NVD).

If exploited, this vulnerability could lead to remote escalation of privilege without requiring additional execution privileges. The high CVSS score indicates that successful exploitation could result in complete compromise of system confidentiality, integrity, and availability (NVD).

Google addressed this vulnerability in the August 2022 Android Security Bulletin. Users should update their Android devices to the security patch level dated August 1, 2022, or later to protect against this vulnerability (Android Bulletin).