CVE-2022-20506: 
NixOS vulnerability analysis and mitigation

CVE-2022-20506 is a security vulnerability discovered in Android 13's WifiDialogActivity.java component. The vulnerability stems from a missing permission check in the onCreate method, which could enable local privilege escalation from a guest user. The issue was disclosed with Android ID A-226133034 and was addressed in the December 2022 security update (Android Bulletin).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The technical nature of the vulnerability involves a missing permission check in the onCreate method of WifiDialogActivity.java, which could be exploited without requiring any additional execution privileges or user interaction (NVD).

The vulnerability allows a local attacker with guest user privileges to perform privilege escalation on the affected system. If successfully exploited, it could lead to complete compromise of confidentiality, integrity, and availability of the system within the scope of the affected component (NVD).

The vulnerability was addressed in the Android December 2022 security update. Users should ensure their Android devices are updated to the latest available security patch level to mitigate this vulnerability (Android Bulletin).