CVE-2023-35669: 
NixOS vulnerability analysis and mitigation

In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. This vulnerability (CVE-2023-35669) affects Android versions 11, 12, 12L, and 13. The issue was discovered and reported to Android security team, with patches released in the September 2023 security update (Android Bulletin).

The vulnerability is classified with a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The issue is categorized as CWE-502 (Deserialization of Untrusted Data). The vulnerability exists in the AccountManagerService.java component and specifically affects the checkKeyIntentParceledCorrectly function (NVD).

This vulnerability could lead to local escalation of privilege with no additional execution privileges needed. The high CVSS score indicates potential severe impacts on confidentiality, integrity, and availability of the affected system. User interaction is not needed for exploitation (CVE Details).

The vulnerability has been patched in the September 2023 Android Security Bulletin. Users should update their Android devices to the latest security patch level. Samsung has also included this fix in their September 2023 security update for affected Galaxy devices (Samsung News).