CVE-2023-21305: 
NixOS vulnerability analysis and mitigation

CVE-2023-21305 is a vulnerability discovered in Android OS that affects versions prior to Android 14.0. The vulnerability exists in Content functionality, where there is a possible way to determine whether an app is installed without query permissions, due to side channel information disclosure (Android Bulletin).

The vulnerability is classified as an information disclosure issue with a CVSS v3.1 Base Score of 5.5 (MEDIUM). The attack vector is Local (L), with Low attack complexity (L), requiring Low privileges (L), and no user interaction (N). The scope is Unchanged (U), with High confidentiality impact (H), but no impact on integrity (N) or availability (N). The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (NVD).

The vulnerability allows an attacker to determine whether specific apps are installed on the device without having the necessary query permissions. This could lead to local information disclosure with no additional execution privileges needed. The impact is limited to confidentiality, with no effects on system integrity or availability (Android Bulletin).

The vulnerability has been patched in Android 14.0. Users should update their Android devices to version 14.0 or later to mitigate this vulnerability (Android Bulletin).