CVE-2023-40113: 
NixOS vulnerability analysis and mitigation

A vulnerability identified as CVE-2023-40113 was discovered in Android's system components affecting multiple locations where apps could access cross-user message data due to a missing permission check. The vulnerability affects Android versions 11.0 through 13.0 and was disclosed in the November 2023 Android Security Bulletin (Android Bulletin, NVD).

The vulnerability is characterized by a missing permission check that could allow unauthorized access to cross-user message data. It has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction, while potentially resulting in high confidentiality impact (NVD).

The vulnerability could lead to local information disclosure with no additional execution privileges needed. The primary impact is on data confidentiality, potentially allowing unauthorized access to message data across different user profiles on the same device (NVD).

Google has addressed this vulnerability in the November 2023 Android Security Bulletin. Users should update their Android devices to a security patch level of 2023-11-05 or later to receive the fix (Android Bulletin).