CVE-2022-20395: 
NixOS vulnerability analysis and mitigation

CVE-2022-20395 is a path traversal vulnerability discovered in the checkAccess function of MediaProvider.java in Android. The vulnerability was disclosed on September 13, 2022, affecting Android versions 11, 12, 12L, and 13. This security flaw could enable local attackers to perform file deletion operations through path traversal exploitation (NVD).

The vulnerability exists in the checkAccess function of MediaProvider.java, where improper path validation could lead to unauthorized file deletion. The issue has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) (NVD).

The vulnerability allows local attackers to escalate privileges and perform unauthorized file deletion operations. No additional execution privileges are required for exploitation, and user interaction is not needed. The successful exploitation could lead to significant data loss and system integrity compromise (NVD).

Google has addressed this vulnerability in the September 2022 Android Security Bulletin. Users are advised to update their Android devices to the latest available security patch level to protect against this vulnerability (Android Security Bulletin).