CVE-2023-42699: 
NixOS vulnerability analysis and mitigation

CVE-2023-42699 is a vulnerability discovered in the omacp service affecting Android devices. The vulnerability was disclosed in December 2023 and affects various Android versions (11.0, 12.0, 13.0) and multiple Unisoc hardware platforms. The issue stems from a missing permission check that could allow unauthorized access to app permission usage records (NVD Database).

The vulnerability is classified as a Missing Authorization issue (CWE-862) with a CVSS v3.1 base score of 5.5 (Medium). The attack vector is local (AV:L), requires low attack complexity (AC:L), needs low privileges (PR:L), requires no user interaction (UI:N), affects only the user scope (S:U), and can lead to high confidentiality impact (C:H) with no impact on integrity (I:N) or availability (A:N) (NVD Database).

The vulnerability allows unauthorized access to app permission usage records, potentially leading to local information disclosure. The exploit requires no additional execution privileges beyond local access to the device (NVD Database).

The vulnerability affects multiple Unisoc hardware platforms including S8000, SC7731E, SC9832E, SC9863A, T310, T606, T610, T612, T616, T618, T760, T770, and T820. Users should ensure their devices are updated with the latest security patches provided by their device manufacturers (NVD Database).