CVE-2023-21336: 
NixOS vulnerability analysis and mitigation

CVE-2023-21336 is a vulnerability discovered in Android's Input Method component that affects Android versions prior to 14.0. The vulnerability was disclosed in October 2023 and allows an attacker to determine whether an app is installed without requiring query permissions, due to side channel information disclosure (Android Bulletin).

The vulnerability is classified as an information disclosure issue in the Android Framework component. It has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability exploits side channel information to bypass normal permission requirements for querying installed applications (NVD).

The successful exploitation of this vulnerability could lead to local information disclosure without requiring additional execution privileges. An attacker could potentially determine which applications are installed on a device without having the necessary permissions to query this information directly (NVD).

The vulnerability has been patched in Android 14.0. Users and organizations are advised to update their Android devices to version 14.0 or later to protect against this vulnerability (Android Bulletin).