CVE-2022-20465: 
NixOS vulnerability analysis and mitigation

CVE-2022-20465 is a high-severity security vulnerability affecting all Google Pixel smartphones running Android versions 10 through 13. The flaw was discovered by security researcher David Schütz in June 2022 and was patched in November 2022. The vulnerability exists in the dismiss and related functions of KeyguardHostViewController.java and related files, which could allow an attacker with physical access to bypass the lock screen protections (NVD, SecurityWeek).

The vulnerability has a CVSS v3.1 base score of 4.6 (Medium) with a vector string of CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. The issue stems from a race condition vulnerability in the .dismiss() function called after the PUK code has been entered. When the function is called, it's meant to dismiss the current security screen, but due to a logic error, the component monitoring the SIM state in the background would change the security screen right before the .dismiss() function was called, resulting in the PIN/password/pattern screen being dismissed instead (SecurityWeek).

The vulnerability allows an attacker with physical access to completely bypass the lock screen protections, including fingerprint, PIN, and pattern locks, gaining full access to the user's device. This represents a significant security risk as it enables unauthorized access to all data and functionality on the affected device without requiring any additional execution privileges (Hacker News).

Google addressed this vulnerability in the November 2022 Android security updates. The fix involved modifying the .dismiss() function by adding a new parameter where the function caller specifies which type of security screen should be dismissed. Users are strongly recommended to update their devices to a security patch level of 2022-11-05 or later to protect against this vulnerability (Hacker News).

Google acknowledged the severity of the vulnerability by awarding the researcher David Schütz a significant bug bounty of $70,000. Initially marked as a duplicate report, the vulnerability gained attention after the researcher demonstrated the issue in person to Google engineers, leading to an expedited patch release (SecurityWeek).