CVE-2023-42713: 
NixOS vulnerability analysis and mitigation

CVE-2023-42713 is a vulnerability discovered in the firewall service of Android operating system. The vulnerability was disclosed on December 3, 2023, and affects multiple Android versions and Unisoc hardware platforms. The issue stems from a missing permission check that could allow unauthorized access to app permission usage records (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The issue is classified as CWE-862 (Missing Authorization). The vulnerability exists in the firewall service where a missing permission check could allow unauthorized access to write permission usage records of an application (NVD).

The vulnerability could lead to local information disclosure without requiring additional execution privileges. This means an attacker with local access could potentially access sensitive permission usage data of other applications on the affected device (NVD).

The vulnerability affects Android versions 11.0 and 12.0, as well as various Unisoc hardware platforms including S8000, SC7731E, SC9832E, SC9863A, T310, T606, and T610. Users should ensure their devices are updated with the latest security patches provided by their device manufacturers (NVD).