CVE-2023-21289: 
NixOS vulnerability analysis and mitigation

CVE-2023-21289 is a security vulnerability affecting multiple versions of Google Android (11, 12, 12L, and 13). The vulnerability was disclosed in the August 2023 Android Security Bulletin and involves a possible bypass of a multi-user security boundary due to a confused deputy issue (Android Bulletin).

The vulnerability exists in multiple locations within the Android framework and is characterized by a potential bypass of the multi-user security boundary. It has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating local access, low attack complexity, and high confidentiality impact (NVD).

The vulnerability can lead to local information disclosure without requiring additional execution privileges. The impact is primarily focused on confidentiality, with no direct impact on integrity or availability. The vulnerability does not require user interaction for exploitation (NVD).

Google has released security patches for this vulnerability as part of the August 2023 Android Security Bulletin. Users should update their Android devices to the security patch level dated August 5, 2023, or later (Android Bulletin).