CVE-2023-21184: 
NixOS vulnerability analysis and mitigation

In getCurrentPrivilegedPackagesForAllUsers of CarrierPrivilegesTracker.java, there is a possible permission bypass due to a logic error in the code. This vulnerability (CVE-2023-21184) affects Android version 13 and was disclosed in the June 2023 security bulletin. The vulnerability could lead to local escalation of privilege with no additional execution privileges needed, and user interaction is not required for exploitation (Android Bulletin).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability exists in the CarrierPrivilegesTracker.java component and stems from a logic error in the getCurrentPrivilegedPackagesForAllUsers function. The attack complexity is considered low, requires low privileges, and no user interaction (NVD).

Successful exploitation of this vulnerability can result in a complete compromise of the affected component, with high impacts on confidentiality, integrity, and availability. The vulnerability allows for local escalation of privilege, potentially giving an attacker elevated access to system resources (NVD).

The vulnerability was addressed in the Android June 2023 security patch. Users should ensure their Android devices are updated with the latest security patches to mitigate this vulnerability (Android Bulletin).