CVE-2023-42712: 
NixOS vulnerability analysis and mitigation

CVE-2023-42712 is a vulnerability discovered in the firewall service of Android operating system. The vulnerability allows a possible way to write permission usage records of an app due to a missing permission check. This issue was disclosed in December 2023 and affects Android versions 11.0 and 12.0, as well as various Unisoc hardware platforms (NVD Database).

The vulnerability is classified as a Missing Authorization issue (CWE-862) with a CVSS v3.1 Base Score of 5.5 (Medium). The attack vector is Local (L), with Low attack complexity (AC:L), requiring Low privileges (PR:L), and no user interaction (UI:N). The scope is Unchanged (S:U), with High confidentiality impact (C:H), but No impact on integrity (I:N) or availability (A:N) (NVD Database).

The vulnerability could lead to local information disclosure with no additional execution privileges needed. This means an attacker could potentially access sensitive information through the firewall service's permission usage records (NVD Database).

The vulnerability affects Android 11.0 and 12.0, along with various Unisoc hardware platforms including S8000, SC7731E, SC9832E, SC9863A, T310, T606, T610, T612, T616, T618, T760, T770, and T820. Users should ensure their devices are updated with the latest security patches (NVD Database).