CVE-2023-42647: 
NixOS vulnerability analysis and mitigation

CVE-2023-42647 is a vulnerability discovered in the Ifaa service affecting various Android versions (10.0 through 13.0) and multiple Unisoc hardware platforms. The vulnerability allows potential local information disclosure due to a missing permission check in the way permission usage records of an app are written (NVD CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction. While it has high impact on confidentiality, it does not affect integrity or availability (NVD CVE).

The vulnerability could lead to local information disclosure, potentially exposing sensitive information about app permission usage records. The attack requires no additional execution privileges beyond the basic local access requirements (NVD CVE).

The vulnerability affects multiple Android versions (10.0 through 13.0) and various Unisoc hardware platforms including S8000, SC7731E, SC9832E, SC9863A, T310, T606, T610, T612, T616, T618, T760, T770, and T820. Users should ensure their devices are updated with the latest security patches (NVD CVE).