CVE-2022-20553: 
NixOS vulnerability analysis and mitigation

CVE-2022-20553 is a vulnerability discovered in Android 13 that affects the LogAccessDialogActivity.java component. The vulnerability was disclosed in December 2022 and involves a possible way to bypass permission checks through a tapjacking/overlay attack (NVD).

The vulnerability exists in the onCreate method of LogAccessDialogActivity.java and is related to improper restriction of rendered UI layers or frames (CWE-1021). It has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H, indicating local access required, low attack complexity, high privileges required, and user interaction needed (NVD).

If successfully exploited, this vulnerability could lead to local escalation of privilege with System execution privileges. The attack requires system execution privileges and user interaction for successful exploitation (NVD).

Google has addressed this vulnerability in the December 2022 security patch for Android devices. Users should update their Android devices to the latest available security patch level (Pixel Update Bulletin).