CVE-2022-20551: 
NixOS vulnerability analysis and mitigation

CVE-2022-20551 is a vulnerability discovered in Android's AudioFlinger.cpp component, affecting Android versions 12, 12L, and 13. The vulnerability allows recording audio without displaying a privacy indicator due to a logic error in the createTrack function. This vulnerability was disclosed in the February 2023 Android Security Bulletin (Android Bulletin).

The vulnerability exists in the createTrack function of AudioFlinger.cpp and is classified with a CVSS v3.1 base score of 6.7 (MEDIUM). The CVSS vector is CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating local access is required with high privileges, but no user interaction is needed. The vulnerability stems from a logic error in the code that could bypass privacy indicator mechanisms (NVD).

If exploited, this vulnerability allows an attacker to record audio without triggering the privacy indicator, potentially compromising user privacy. The attack requires system execution privileges but can lead to local escalation of privilege (NVD).

Google has released security patches for this vulnerability in the February 2023 Android Security Bulletin. Users should update their Android devices to the latest security patch level to mitigate this vulnerability (Android Bulletin).