CVE-2022-20462: 
NixOS vulnerability analysis and mitigation

CVE-2022-20462 is a vulnerability discovered in the phNxpNciHal_write_unlocked function of phNxpNciHal.cc in Android. The vulnerability was disclosed in the November 2022 Android Security Bulletin and affects Android versions 10, 11, 12, 12L, and 13. The issue stems from a missing bounds check that could lead to an out-of-bounds write condition (Android Security Bulletin).

The vulnerability is classified as an Out-of-bounds Write (CWE-787) vulnerability. It received a CVSS v3.1 base score of 7.8 (HIGH), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability exists in the phNxpNciHal_write_unlocked function where a missing bounds check could allow for memory corruption (NVD).

The vulnerability could lead to local escalation of privilege with no additional execution privileges needed. If successfully exploited, an attacker could gain elevated privileges and potentially execute arbitrary code within the context of a privileged process. User interaction is not required for exploitation (Android Security Bulletin).

The vulnerability was addressed in the Android Security Bulletin of November 2022. Users should update their Android devices to the latest available security patch level to mitigate this vulnerability (Android Security Bulletin).