CVE-2022-20528: 
NixOS vulnerability analysis and mitigation

A vulnerability was discovered in Android 13's HevcUtils.cpp component, identified as CVE-2022-20528. The issue involves a possible out of bounds read due to a missing bounds check in the findParam function. This vulnerability was disclosed in December 2022 and affects Android version 13 (Android Bulletin).

The vulnerability exists in the findParam function of HevcUtils.cpp where a missing bounds check could lead to an out of bounds read condition. The issue has been assigned a CVSS v3.1 base score of 3.3 (LOW) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. This indicates local access is required, with low attack complexity and low privileges needed (NVD).

If exploited, this vulnerability could lead to local escalation of privilege. The impact is primarily limited to unauthorized information disclosure, as indicated by the CVSS metrics showing only confidentiality impact (C:L) with no effect on integrity or availability (NVD).

The vulnerability has been addressed in the Android Security Bulletin for December 2022. Users should update their Android devices to the latest available security patch level to mitigate this vulnerability (Android Bulletin).