CVE-2023-21001: 
NixOS vulnerability analysis and mitigation

CVE-2023-21001 is a security vulnerability discovered in Android's NetworkProviderSettings.java component, specifically in the onContextItemSelected function. The vulnerability was disclosed in March 2023 and affects Android 13 systems. The issue stems from a missing permission check that could allow users to modify Wi-Fi settings of other users (Android Bulletin).

The vulnerability exists in the onContextItemSelected function of NetworkProviderSettings.java due to a missing permission check mechanism. It has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-862 (Missing Authorization) (NVD).

If exploited, this vulnerability allows local users to escalate privileges and modify Wi-Fi settings of other users on the system. The impact affects confidentiality, integrity, and availability with high severity ratings, potentially compromising the security boundaries between different user accounts on Android devices (NVD).

The vulnerability was addressed in the Android Security Bulletin for March 2023. Users should update their Android devices to the latest available security patch level to mitigate this vulnerability (Android Bulletin).