CVE-2023-42676: 
NixOS vulnerability analysis and mitigation

In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This vulnerability (CVE-2023-42676) affects Google Android versions 11.0, 12.0, and 13.0, as well as various UNISOC hardware platforms including S8000, SC7731E, SC9832E, SC9863A, T310, and T606. The vulnerability was discovered and disclosed in December 2023 (NVD).

The vulnerability is classified as a Missing Authorization issue (CWE-862) with a CVSS v3.1 base score of 5.5 MEDIUM (Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). The vulnerability exists in the imsservice component where a missing permission check could allow unauthorized access to permission usage records (NVD).

This vulnerability could lead to local information disclosure with no additional execution privileges needed. An attacker could potentially access and write permission usage records of applications, compromising the confidentiality of permission-related data (NVD).

The vulnerability has been addressed in the December 2023 Security Update. Users should update their devices to the latest available security patch to mitigate this vulnerability (NVD).