CVE-2023-21198: 
NixOS vulnerability analysis and mitigation

In remove_sdp_record of btif_sdp_server.cc, there is a possible out of bounds read due to a missing bounds check in Android 13. This vulnerability was discovered and disclosed in June 2023. The vulnerability affects Android devices running Android 13 operating system (Android Bulletin).

The vulnerability is identified as an out-of-bounds read (CWE-125) in the btif_sdp_server.cc component. The issue occurs due to a missing bounds check in the remove_sdp_record function. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating local access, low attack complexity, and high confidentiality impact (NVD).

If successfully exploited, this vulnerability could lead to local information disclosure. The attack requires no user interaction for exploitation, but does need local access with low privileges. The primary impact is on confidentiality, with potential unauthorized access to sensitive information (NVD).

The vulnerability has been addressed in the Android security bulletin for June 2023. Users should update their Android devices to the latest available security patch level to mitigate this vulnerability (Android Bulletin).