CVE-2022-20494: 
NixOS vulnerability analysis and mitigation

CVE-2022-20494 is a vulnerability discovered in the AutomaticZenRule component of Android's AutomaticZenRule.java file. The vulnerability was disclosed in January 2023 and affects multiple Android versions including Android 10, 11, 12, 12L, and 13. This persistent denial of service vulnerability occurs due to resource exhaustion, which could lead to local denial of service without requiring additional execution privileges or user interaction (NVD).

The vulnerability exists in the AutomaticZenRule component and is characterized by resource exhaustion issues that can lead to a persistent denial of service condition. The severity of this vulnerability has been assessed with a CVSS v3.1 Base Score of 5.5 (MEDIUM), with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified under CWE-770 (Allocation of Resources Without Limits or Throttling) (NVD).

When exploited, this vulnerability can result in a local denial of service condition. The impact is limited to availability, with no direct impact on confidentiality or integrity of the system. The persistent nature of the denial of service makes this vulnerability particularly concerning as it could lead to sustained service disruption (NVD).

The vulnerability was addressed in the January 2023 Android Security Bulletin. Users should update their Android devices to the latest security patch level to mitigate this vulnerability. The fix was included in the 2023-01-01 security patch level (Android Bulletin).