CVE-2023-20964: 
NixOS vulnerability analysis and mitigation

CVE-2023-20964 affects multiple functions in MediaSessionRecord.java of the Android operating system. The vulnerability was discovered in Android versions 12, 12L, and 13, and was disclosed in March 2023. This security issue involves a possible Intent rebroadcast vulnerability due to a confused deputy (Android Security Bulletin).

The vulnerability exists in multiple functions within MediaSessionRecord.java and is characterized by a confused deputy issue that could lead to Intent rebroadcast problems. The severity of this vulnerability has been assessed with a CVSS v3.1 base score of 7.8 (HIGH), with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability requires local access but no user interaction for exploitation (NVD).

A successful exploitation of this vulnerability could lead to local denial of service or escalation of privilege with no additional execution privileges needed. The high CVSS score indicates significant potential impact on confidentiality, integrity, and availability of the affected system (NVD).

The vulnerability affects Android versions 12, 12L, and 13. Users should update their Android devices to the latest available security patch level that addresses this vulnerability. The fix was included in the March 2023 Android Security Bulletin (Android Security Bulletin).