CVE-2023-42645: 
NixOS vulnerability analysis and mitigation

In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This vulnerability (CVE-2023-42645) affects Google Android 11.0 and Unisoc devices including models S8000, T760, T770, and T820. The vulnerability was disclosed on November 1, 2023 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction. The scope is unchanged, with high impact on confidentiality but no impact on integrity or availability (NVD).

This vulnerability could lead to local information disclosure with no additional execution privileges needed. The high confidentiality impact suggests that the vulnerability could allow unauthorized access to sensitive permission usage records (NVD).

The vulnerability has been addressed in subsequent updates. Users of affected devices should ensure they are running the latest available security updates from their device manufacturers (NVD, Unisoc Advisory).