CVE-2023-21173: 
NixOS vulnerability analysis and mitigation

In multiple methods of DataUsageList.java in Android 13, there is a possible way to learn about admin user's network activities due to a missing permission check. This vulnerability (CVE-2023-21173) was disclosed in the June 2023 Android Security Bulletin. The vulnerability affects Android version 13 and requires local access with no additional execution privileges needed for exploitation. User interaction is not required for exploitation (Android Bulletin).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified as CWE-862 (Missing Authorization). The issue stems from missing permission checks in DataUsageList.java that could allow unauthorized access to admin user's network activity information (NVD).

If exploited, this vulnerability could lead to local information disclosure, specifically allowing an attacker to learn about admin user's network activities. The impact is limited to confidentiality (High), with no impact on integrity or availability of the system (NVD).

The vulnerability has been patched in the Android Security Bulletin for June 2023. Users should update their Android devices to the latest available security patch level to mitigate this vulnerability (Android Bulletin).