CVE-2023-21299: 
NixOS vulnerability analysis and mitigation

CVE-2023-21299 is a vulnerability discovered in Android's Package Manager component that allows determining whether an app is installed without proper query permissions. The vulnerability was disclosed in the Android 14 security bulletin and affects Android versions prior to 14.0. This side-channel information disclosure vulnerability requires local access but does not need user interaction for exploitation (Android Bulletin).

The vulnerability exists in the Package Manager component and is classified as an Observable Discrepancy (CWE-203). It has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability allows an attacker to exploit side channel information disclosure to determine the installation status of applications without having the necessary query permissions (NVD).

If exploited, this vulnerability enables local information disclosure without requiring additional execution privileges. The primary impact is the unauthorized ability to determine whether specific applications are installed on the device, potentially compromising user privacy and revealing sensitive information about installed applications (NVD).

The vulnerability has been patched in Android 14.0. Users and organizations are advised to upgrade their Android devices to version 14.0 or later to mitigate this vulnerability (Android Bulletin).