CVE-2023-42672: 
NixOS vulnerability analysis and mitigation

CVE-2023-42672 is a vulnerability discovered in the imsservice component of Android operating system. The vulnerability was disclosed on December 3, 2023, and affects Android versions 11.0 and 12.0, as well as various UNISOC chipsets. The issue stems from a missing permission check that could allow unauthorized writing of permission usage records of an app (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified as CWE-862 (Missing Authorization). The issue specifically affects the imsservice component where a missing permission check could allow unauthorized access to permission usage records (NVD).

The vulnerability could lead to local information disclosure with no additional execution privileges needed. An attacker who successfully exploits this vulnerability would be able to write permission usage records of an app, potentially compromising the security of the affected system (NVD).

The vulnerability affects Android 11.0 and 12.0, as well as various UNISOC chipsets including S8000, SC7731E, SC9832E, SC9863A, T310, T606, T610, T612, T616, T618, T760, T770, and T820. Users should ensure their devices are updated with the latest security patches (NVD).