CVE-2023-42678: 
NixOS vulnerability analysis and mitigation

CVE-2023-42678 is a vulnerability discovered in the imsservice component affecting Android devices. The vulnerability was disclosed on December 3, 2023, and involves a missing permission check that could allow writing permission usage records of an app. The affected systems include Android versions 11.0, 12.0, and 13.0, as well as various Unisoc hardware platforms including S8000, SC7731E, SC9832E, SC9863A, T310, T606, and others (NVD).

The vulnerability is classified as a Missing Authorization issue (CWE-862) with a CVSS v3.1 base score of 5.5 (Medium). The attack vector is local (AV:L), with low attack complexity (AC:L), requiring low privileges (PR:L), and no user interaction (UI:N). The scope is unchanged (S:U), with high confidentiality impact (C:H) but no impact on integrity (I:N) or availability (A:N) (NVD).

The vulnerability could lead to local information disclosure with no additional execution privileges needed. This means an attacker with local access could potentially access sensitive permission usage records of applications on the affected device (NVD).

The vulnerability has been identified and analyzed by NIST on December 6, 2023. Users should ensure their devices are updated with the latest security patches when available from their device manufacturers (NVD).