CVE-2023-21301: 
NixOS vulnerability analysis and mitigation

CVE-2023-21301 is a vulnerability discovered in Android's ActivityManagerService component. The vulnerability was disclosed in October 2023 and affects Android versions prior to Android 14. The issue allows an attacker to determine whether an app is installed without requiring query permissions, due to side channel information disclosure (Android Security Bulletin).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability exists in the ActivityManagerService component and exploits side channel information disclosure to bypass permission requirements for querying installed applications (NVD).

If exploited, this vulnerability could lead to local escalation of privilege. The attacker could determine the presence of installed applications without having the necessary query permissions, potentially compromising user privacy. No additional execution privileges are needed for exploitation (NVD).

The vulnerability has been patched in Android 14. Users should update their Android devices to version 14 or later to mitigate this security issue (Android Security Bulletin).