CVE-2023-21175: 
NixOS vulnerability analysis and mitigation

In onCreate of DataUsageSummary.java, there exists a vulnerability that allows a guest user to enable or disable mobile data due to a permissions bypass. This vulnerability (CVE-2023-21175) affects Android-13 systems and was disclosed in the June 2023 security bulletin. The vulnerability requires no additional execution privileges and can be exploited without user interaction (Android Bulletin).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is related to a permissions bypass in the DataUsageSummary.java component, specifically during the onCreate process. The issue has been identified with Android ID: A-262243574 (NVD).

The vulnerability can lead to local escalation of privilege with significant impact on system confidentiality, integrity, and availability. The CVSS scoring indicates high potential impact across all three security metrics (Confidentiality, Integrity, and Availability), suggesting that successful exploitation could give an attacker substantial control over the affected system (NVD).

The vulnerability was addressed in the Android Security Bulletin for June 2023. Users should ensure their Android devices are updated with the latest security patches to mitigate this vulnerability (Android Bulletin).