CVE-2023-45775: 
NixOS vulnerability analysis and mitigation

In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write vulnerability due to a missing bounds check in Android's Bluetooth module. This vulnerability (CVE-2023-45775) was discovered and disclosed in December 2023, affecting Android version 14.0. The vulnerability could lead to local escalation of privilege without requiring additional execution privileges or user interaction (NVD, CVE).

The vulnerability is classified as a high-severity issue with a CVSS v3.1 base score of 7.8 (HIGH). The vulnerability vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, low privileges required, no user interaction needed, and high impacts on confidentiality, integrity, and availability. The issue is categorized as CWE-787 (Out-of-bounds Write) (NVD).

The vulnerability can lead to local escalation of privilege, potentially allowing an attacker to gain elevated access to the system. The high CVSS score indicates significant potential impact on system security, affecting confidentiality, integrity, and availability of the system (NVD).

The vulnerability has been patched in the Android December 2023 security update. The fix addresses the out-of-bounds write issue in the CreateAudioBroadcast function (Android Patch, Android Security Bulletin).