CVE-2022-20547: 
NixOS vulnerability analysis and mitigation

A vulnerability in Android 13's AdapterService.java allows potential manipulation of Bluetooth state due to missing permission checks. The vulnerability, identified as CVE-2022-20547, was disclosed in December 2022 and affects Android 13 systems. This security flaw was assigned Android ID A-240301753 (NVD).

The vulnerability exists in multiple functions of AdapterService.java where permission checks are absent. The severity of this vulnerability has been rated as HIGH with a CVSS v3.1 base score of 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The vulnerability is classified as CWE-862: Missing Authorization, indicating a fundamental security control issue (NVD).

If exploited, this vulnerability could lead to local escalation of privilege with no additional execution privileges needed. The impact is significant as it affects the Bluetooth state control, potentially compromising system security. No user interaction is required for exploitation, making it particularly concerning (NVD).

The vulnerability was addressed in the December 2022 Android security patch. Users should ensure their Android 13 devices are updated with the latest security patches to mitigate this vulnerability (Android Bulletin).