CVE-2023-42711: 
NixOS vulnerability analysis and mitigation

CVE-2023-42711 is a vulnerability discovered in the firewall service of Android operating system. The vulnerability stems from a missing permission check that could allow writing permission usage records of an app. This vulnerability was disclosed on December 3, 2023, affecting Google Android 11.0 and 12.0, as well as various UNISOC hardware platforms (NVD).

The vulnerability is characterized by a missing permission check in the firewall service component. It has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified under CWE-862 (Missing Authorization) indicating a fundamental authorization control issue (NVD).

The exploitation of this vulnerability could lead to local information disclosure without requiring additional execution privileges. The impact is primarily focused on confidentiality, with no direct effects on system integrity or availability (NVD).

The vulnerability affects Android 11.0 and 12.0, along with various UNISOC hardware platforms including S8000, SC7731E, SC9832E, SC9863A, T310, T606, and T610. Users should ensure their devices are updated with the latest security patches (NVD).