CVE-2023-42675: 
NixOS vulnerability analysis and mitigation

In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This vulnerability (CVE-2023-42675) affects Google Android versions 11.0, 12.0, and 13.0, as well as various Unisoc hardware platforms including S8000, SC7731E, SC9832E, SC9863A, T310, T606, and others. The vulnerability was disclosed in December 2023 (NVD).

The vulnerability is classified as a Missing Authorization issue (CWE-862) with a CVSS v3.1 Base Score of 5.5 (MEDIUM). The attack requires local access with low privileges and no user interaction. The vulnerability vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating local access, low attack complexity, low privileges required, no user interaction needed, and impacts primarily confidentiality (NVD).

The vulnerability could lead to local information disclosure with no additional execution privileges needed. An attacker could potentially access and write permission usage records of an app, compromising the confidentiality of permission-related data (NVD).

The vulnerability affects multiple Android versions and Unisoc hardware platforms. Users and administrators should ensure their devices are updated with the latest security patches provided by Google and Unisoc. No specific workarounds have been publicly documented (NVD).