CVE-2023-21025: 
NixOS vulnerability analysis and mitigation

In ufdt_local_fixup_prop of ufdt_overlay.c, there is a possible out of bounds read due to an incorrect bounds check. This vulnerability (CVE-2023-21025) affects Android 13 and was disclosed in March 2023. The issue requires System execution privileges for exploitation and does not require user interaction (Android Bulletin).

The vulnerability is classified as an Out-of-bounds Read (CWE-125) with a CVSS v3.1 Base Score of 4.4 (MEDIUM). The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N, indicating local access, low attack complexity, high privileges required, no user interaction needed, unchanged scope, high confidentiality impact, and no impact on integrity or availability (NVD).

If successfully exploited, this vulnerability could lead to local information disclosure. The impact is limited to confidentiality, with potential exposure of sensitive information, while system integrity and availability remain unaffected (Android Bulletin).

The vulnerability was addressed in the Android Security Bulletin of March 2023. Users should update their Android devices to the latest available security patch level to mitigate this vulnerability (Android Bulletin).