CVE-2023-42702: 
NixOS vulnerability analysis and mitigation

In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This vulnerability (CVE-2023-42702) was discovered and disclosed on December 3, 2023. The vulnerability affects Google Android 11.0 and 12.0, as well as various UNISOC hardware platforms including S8000, SC7731E, SC9832E, SC9863A, T310, T606, T610, and others (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified under CWE-862 (Missing Authorization). The issue stems from a missing permission check in the firewall service component that could allow unauthorized writing of permission usage records (NVD).

This vulnerability could lead to local information disclosure with no additional execution privileges needed. The impact is primarily focused on confidentiality, with the CVSS scoring indicating high confidentiality impact but no impact on integrity or availability (NVD).

The vulnerability has been addressed in subsequent security updates. Users and administrators should ensure their devices are updated to the latest available security patches that address this vulnerability (NVD).