CVE-2023-20956: 
NixOS vulnerability analysis and mitigation

In Import of C2SurfaceSyncObj.cpp, there is a possible out of bounds write due to a missing bounds check. This vulnerability (CVE-2023-20956) affects Android versions 12, 12L, and 13. The vulnerability requires System execution privileges and no user interaction for exploitation (Android Security Bulletin).

The vulnerability is classified as an Out-of-bounds Write (CWE-787) with a CVSS v3.1 Base Score of 4.4 (MEDIUM). The attack vector is Local (AV:L), with Low attack complexity (AC:L), requiring High privileges (PR:H), and no user interaction (UI:N). The scope is Unchanged (S:U), with High confidentiality impact (C:H), but no impact on integrity (I:N) or availability (A:N) (NVD).

A successful exploitation of this vulnerability could lead to local information disclosure. The impact is limited to confidentiality, with potential exposure of sensitive information when the attacker has System execution privileges (Android Security Bulletin).

The vulnerability was addressed in the March 2023 Android Security Bulletin. Users should update their Android devices to the latest available security patch level to mitigate this vulnerability (Android Security Bulletin).