CVE-2023-20975: 
NixOS vulnerability analysis and mitigation

In getAvailabilityStatus of EnableContentCapturePreferenceController.java, there is a possible way to bypass DISALLOW_CONTENT_CAPTURE due to a permissions bypass. This vulnerability, identified as CVE-2023-20975, affects Android version 13. The vulnerability was disclosed in the Android Security Bulletin and addressed in June 2023 (Android Bulletin).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH), with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability exists in the local system and requires low attack complexity and low privileges to exploit. No user interaction is needed for exploitation (NVD).

A successful exploitation of this vulnerability could lead to local escalation of privilege with no additional execution privileges needed. The impact affects the confidentiality, integrity, and availability of the system, with potential unauthorized access to sensitive data and system resources (NVD).

The vulnerability has been patched in the Android Security Bulletin for June 2023. Users should ensure their Android devices are updated to the latest available security patch level to mitigate this vulnerability (Android Bulletin).