CVE-2023-21201: 
NixOS vulnerability analysis and mitigation

In oncreaterecordevent of btifsdp_server.cc, there is a possible out of bounds read due to a missing null check. This vulnerability (CVE-2023-21201) affects Android-13 and could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation (Android Bulletin).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.5 HIGH with the vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified as CWE-125 (Out-of-bounds Read) and affects the Android operating system version 13. The issue exists in the btifsdpserver.cc component, specifically in the oncreaterecord_event function, where a missing null check can lead to an out-of-bounds read condition (NVD).

A successful exploitation of this vulnerability can result in remote denial of service of the affected system. The vulnerability has high availability impact but does not affect confidentiality or integrity of the system (NVD).

The vulnerability has been addressed in the Android Security Bulletin for June 2023. Users should update their Android devices to the latest available security patch level to mitigate this vulnerability (Android Bulletin).