CVE-2022-20611: 
NixOS vulnerability analysis and mitigation

CVE-2022-20611 is a vulnerability affecting Google Android Open Source Project (AOSP) versions 10, 11, 12, 12L, and 13 without the security patch from December 5, 2022. The vulnerability was disclosed as part of the Android Security Bulletin in December 2022 (Android Bulletin).

The vulnerability is classified as an improper input validation issue (CWE-20) that could allow an attacker to exploit security weaknesses in the Android system. The vulnerability has been assigned a CVSS v3 base score of 7.5, with the vector string (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating it is remotely exploitable with low attack complexity and requires no privileges or user interaction (CISA Advisory).

Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service (DoS) condition in affected Android devices. The impact is primarily focused on system availability, with no direct impact on confidentiality or integrity (CERT-FR).

Google has addressed this vulnerability in the December 2022 Android Security Bulletin. Users are advised to apply the security patch level dated December 5, 2022, or later to mitigate this vulnerability (Android Bulletin).