CVE-2023-35665: 
NixOS vulnerability analysis and mitigation

A vulnerability identified as CVE-2023-35665 affects multiple files in Android versions 11, 12, 12L, and 13. The vulnerability allows importing contacts from another user due to a missing permission check, potentially leading to local privilege escalation. This security issue was disclosed and patched in the September 2023 Android Security Bulletin (Android Bulletin).

The vulnerability is classified with a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The issue stems from a missing authorization check (CWE-862) that could allow unauthorized access to user data. The vulnerability requires local access but no user interaction for exploitation (NVD).

If exploited, this vulnerability could lead to local privilege escalation, allowing an attacker to access and potentially manipulate contact data from other users on the system. The vulnerability affects confidentiality, integrity, and availability of the system with high severity ratings across all three aspects (NVD).

The vulnerability has been addressed in the Android September 2023 security patch. Users should update their Android devices to the latest security patch level to protect against this vulnerability (Android Bulletin).