CVE-2023-21172: 
NixOS vulnerability analysis and mitigation

In multiple functions of WifiCallingSettings.java in Android 13, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This vulnerability (CVE-2023-21172) was disclosed on June 28, 2023, and affects Android version 13. The vulnerability was tracked under Android ID: A-262243015 (NVD).

The vulnerability stems from a permissions bypass in WifiCallingSettings.java that could allow unauthorized modification of calling preferences. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction for exploitation (NVD).

Successful exploitation of this vulnerability could lead to local escalation of privilege with no additional execution privileges needed. The attacker could potentially modify calling preferences for the admin user, which could affect the system's security and functionality (NVD).

The vulnerability was addressed in the Android Security Bulletin for June 2023. Users should ensure their Android devices are updated to the latest available security patch level to mitigate this vulnerability (Android Bulletin).