CVE-2022-20449: 
NixOS vulnerability analysis and mitigation

CVE-2022-20449 is a path traversal vulnerability discovered in the writeApplicationRestrictionsLAr function of UserManagerService.java in Android. The vulnerability affects Android versions 10, 11, 12, 12L, and 13. It was disclosed and patched in December 2022 as part of Android's security bulletin (Android Bulletin).

The vulnerability is classified as a path traversal error (CWE-22) that could lead to improper limitation of a pathname to a restricted directory. It has been assigned a CVSS v3.1 base score of 4.4 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H, indicating local access, low attack complexity, high privileges required, no user interaction needed, and high impact on availability (NVD).

The vulnerability could lead to local denial of service with System execution privileges. The impact is primarily focused on system availability, with no direct impact on confidentiality or integrity of the system (NVD).

The vulnerability was addressed in the Android Security Bulletin of December 2022. Users should update their Android devices to the latest security patch level to mitigate this vulnerability (Android Bulletin).