CVE-2023-21032: 
NixOS vulnerability analysis and mitigation

In ufdtoutputnodetofdt of ufdtconvert.c, there is a possible out of bounds read due to a heap buffer overflow in Android 13. This vulnerability could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. The vulnerability was assigned CVE-2023-21032 and was disclosed in March 2023 (NVD).

The vulnerability is classified as an Out-of-bounds Read (CWE-125). It has been assigned a CVSS v3.1 Base Score of 4.4 MEDIUM with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access, low attack complexity, high privileges, and no user interaction. The scope is unchanged, with high impact on confidentiality but no impact on integrity or availability (NVD).

Successful exploitation of this vulnerability can result in local information disclosure. The attacker needs System execution privileges to exploit the vulnerability, and the impact is limited to unauthorized access to sensitive information (NVD).

The vulnerability was addressed in the Android Security Bulletin for March 2023. Users should update their Android devices to the latest available security patch level to mitigate this vulnerability (Android Security Bulletin).