CVE-2023-21349: 
NixOS vulnerability analysis and mitigation

CVE-2023-21349 is a vulnerability discovered in Android's Package Manager component. The vulnerability allows an attacker to determine whether an app is installed without query permissions, due to side channel information disclosure. This vulnerability was disclosed as part of the Android 14 security bulletin (Android Bulletin).

The vulnerability is classified as an information disclosure issue through a side channel in the Package Manager component. It has been assigned a CVSS v3.1 base score of 3.3 (LOW) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. The vulnerability is tracked under CWE-203 (Observable Discrepancy) (NVD).

A successful exploitation of this vulnerability could lead to local information disclosure without requiring additional execution privileges. An attacker could determine the presence of specific applications on the device, potentially compromising user privacy. No user interaction is required for exploitation (NVD).

The vulnerability affects Android versions prior to Android 14. Users should update their devices to Android 14 or later to receive the security patch that addresses this vulnerability (Android Bulletin).