CVE-2023-21197: 
NixOS vulnerability analysis and mitigation

In btmaclprocessscacmplpkt of btmacl.cc, there is a possible out of bounds read due to an incorrect bounds check in Android 13. This vulnerability (CVE-2023-21197) affects the Bluetooth component and was disclosed in the June 2023 Android Security Bulletin (Android Bulletin).

The vulnerability is classified as an Out-of-bounds Read (CWE-125) that occurs in the Bluetooth component. It has been assigned a CVSS v3.1 Base Score of 7.5 HIGH with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability is network accessible, requires low attack complexity, needs no privileges or user interaction, and can lead to high confidentiality impact (NVD).

A successful exploitation of this vulnerability could lead to remote information disclosure without requiring additional execution privileges. The high confidentiality impact rating suggests that the attacker could gain access to sensitive information through the out-of-bounds read (NVD).

The vulnerability was addressed in Android 13 through a security patch. Users should ensure their devices are updated to the latest available security patch level, particularly the June 2023 security update (Android Bulletin).