CVE-2023-21232: 
NixOS vulnerability analysis and mitigation

In multiple locations within Android systems, there exists a vulnerability (CVE-2023-21232) that allows retrieval of sensor data without proper permissions due to a permissions bypass. The vulnerability was disclosed in the August 2023 Android Security Bulletin and affects Android versions 11.0 and 13.0 (Android Bulletin).

The vulnerability is classified with a CVSS v3.1 Base Score of 3.3 (LOW), with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. This indicates a local attack vector with low attack complexity, requiring low privileges, and no user interaction. The vulnerability primarily impacts confidentiality with low severity (NVD).

The vulnerability could lead to local information disclosure of sensor data without requiring additional execution privileges. This means an attacker with local access could potentially access sensor data they shouldn't have permission to view (NVD).

The vulnerability has been addressed in the Android Security Bulletin for August 2023. Users should ensure their devices are updated with the latest security patches to mitigate this vulnerability (Android Bulletin).