CVE-2022-20488: 
NixOS vulnerability analysis and mitigation

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This vulnerability (CVE-2022-20488) affects Android versions 10, 11, 12, 12L, and 13. The vulnerability could lead to local escalation of privilege with no additional execution privileges needed, and user interaction is not required for exploitation (Android Bulletin).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-1284 (Improper Validation of Specified Quantity in Input). The issue specifically affects the NotificationChannel component and involves resource exhaustion that can prevent proper persistence of permissions settings (NVD).

The vulnerability can lead to local escalation of privilege, potentially allowing an attacker to gain elevated access to system resources. The high CVSS score indicates significant potential impact on confidentiality, integrity, and availability of the affected system (NVD).

The vulnerability was addressed in the Android Security Bulletin of December 2022. Users should update their Android devices to the latest available security patch level to mitigate this vulnerability (Android Bulletin).