CVE-2023-21029: 
NixOS vulnerability analysis and mitigation

In register of UidObserverController.java, there is a missing permission check vulnerability (CVE-2023-21029) affecting Android 13. The vulnerability was disclosed in the March 2023 Android Security Bulletin. This security issue could potentially lead to local information disclosure of app usage when exploited (Android Bulletin).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The issue stems from a missing permission check in the UidObserverController.java component. The vulnerability requires local access and low privilege level for exploitation, but no user interaction is needed (NVD).

When successfully exploited, this vulnerability could lead to local information disclosure of app usage data. The impact is limited to confidentiality with no effect on integrity or availability of the system (NVD).

The vulnerability was addressed in the Android Security Bulletin for March 2023. Users should ensure their Android devices are updated with the latest security patches to mitigate this vulnerability (Android Bulletin).