CVE-2023-21346: 
NixOS vulnerability analysis and mitigation

CVE-2023-21346 is a vulnerability discovered in the Device Idle Controller component of Android operating system. The vulnerability was disclosed in October 2023 and affects Android versions prior to Android 14. The flaw allows potential attackers to determine whether specific applications are installed on a device without requiring query permissions, due to side channel information disclosure (Android Bulletin).

The vulnerability exists in the Device Idle Controller component of Android and is classified as an information disclosure vulnerability through a side channel. It has been assigned a CVSS v3.1 base score of 3.3 (LOW) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. The vulnerability is tracked under CWE-203 (Observable Discrepancy) and requires local access to exploit (NVD).

If exploited, this vulnerability allows local attackers to determine whether specific applications are installed on the target device without having the necessary query permissions. This represents a privacy concern as it bypasses Android's permission model for querying installed applications (Android Bulletin).

Google has addressed this vulnerability in Android 14. Users and organizations are advised to update their Android devices to Android 14 or apply the latest security patches to mitigate this vulnerability (Android Bulletin).