CVE-2023-42718: 
NixOS vulnerability analysis and mitigation

CVE-2023-42718 is a vulnerability discovered in the dialer component that affects various Android versions (11.0, 12.0, 13.0) and multiple Unisoc hardware platforms. The vulnerability was disclosed and assigned on September 13, 2023, with initial analysis by NIST completed on December 7, 2023 (NVD).

The vulnerability stems from a missing permission check in the dialer component that allows writing permission usage records of an app. The severity is rated as MEDIUM with a CVSS v3.1 base score of 5.5 (Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). The vulnerability is classified under CWE-668 (Exposure of Resource to Wrong Sphere) (NVD).

The vulnerability could lead to local information disclosure without requiring additional execution privileges. This means an attacker with local access could potentially access sensitive information through the dialer component (NVD).

The vulnerability affects multiple Unisoc hardware platforms including S8000, SC7731E, SC9832E, SC9863A, T310, T606, and various Android versions (11.0-13.0). Users should apply any security updates provided by their device manufacturers (NVD).