CVE-2023-21202: 
NixOS vulnerability analysis and mitigation

In btm_delete_stored_link_key_complete of btm_devctl.cc, there is a possible out of bounds read vulnerability due to a missing bounds check. This vulnerability, identified as CVE-2023-21202, affects Android 13 systems and was disclosed in the June 2023 security bulletin. The vulnerability was assigned Android ID A-260568359 (Android Bulletin).

The vulnerability is classified as an out-of-bounds read issue (CWE-125) in the Bluetooth component. It received a CVSS v3.1 Base Score of 4.5 MEDIUM with the vector string CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N. The vulnerability exists in the btm_delete_stored_link_key_complete function within btm_devctl.cc, where a missing bounds check could lead to unauthorized access to memory (NVD).

If exploited, this vulnerability could lead to local information disclosure over Bluetooth. The attack requires System execution privileges, but no user interaction is needed for exploitation. The vulnerability primarily impacts the confidentiality of the system, with potential exposure of sensitive information through unauthorized memory access (NVD).

The vulnerability was addressed in the Android June 2023 security patch level. Users should update their Android 13 devices to the latest security patch level to mitigate this vulnerability (Android Bulletin).