CVE-2023-42698: 
NixOS vulnerability analysis and mitigation

In omacp service, there is a possible way to write permission usage records of an app due to a missing permission check. This vulnerability (CVE-2023-42698) affects Google Android devices running Android 11.0 through 13.0 and various Unisoc chipsets including S8000, SC7731E, SC9832E, SC9863A, T310, and T606. The vulnerability was disclosed in December 2023 (NVD).

The vulnerability is classified as a Missing Authorization issue (CWE-862) that could lead to local information disclosure. It has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates the vulnerability requires local access, low attack complexity, low privileges, and no user interaction to exploit (NVD).

The vulnerability could lead to local information disclosure with no additional execution privileges needed. An attacker could potentially access and write permission usage records of an app, compromising the privacy and security of app data (CISA).

The vulnerability affects Android versions 11.0 through 13.0 and specific Unisoc chipsets. Users should ensure their devices are updated with the latest security patches provided by their device manufacturers (NVD).