CVE-2023-40112: 
NixOS vulnerability analysis and mitigation

CVE-2023-40112 is a vulnerability discovered in the ippSetValueTag function of ipp.c within Android's Built-In Print Service. The vulnerability was disclosed in February 2024 and affects Android OS version 11.0 and potentially other versions. The issue stems from a missing bounds check that could lead to an out-of-bounds read condition (NVD, CVE).

The vulnerability is classified as an out-of-bounds read (CWE-125) in the ippSetValueTag function of ipp.c. It has received a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating local access, low attack complexity, and high confidentiality impact (NVD).

The vulnerability could lead to local information disclosure of past print jobs or other print-related information. The impact is limited to confidentiality, with no impact on integrity or availability. No additional execution privileges are required for exploitation (CVE).

Google has addressed this vulnerability in the November 2023 Android Security Bulletin. Users are recommended to update their Android devices to a security patch level of 2023-11-05 or later to mitigate this vulnerability (Android Security Bulletin).