CVE-2024-0019: 
NixOS vulnerability analysis and mitigation

CVE-2024-0019 is a vulnerability discovered in Android's AppOpsControllerImpl.java component, specifically in the setListening function. The vulnerability was disclosed in January 2024 and affects Android versions 12.0, 12.1, 13.0, and 14.0. The issue stems from a missing check for active recordings that could allow hiding the microphone privacy indicator when restarting systemUI (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 5.0 (Medium), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N. The issue occurs in the setListening function of AppOpsControllerImpl.java where a missing check for active recordings can lead to the microphone privacy indicator being hidden during systemUI restart (NVD).

If exploited, this vulnerability could lead to a local denial of service condition. The impact is limited as it requires local access and user interaction for exploitation. The primary security concern is the ability to hide the microphone privacy indicator, which could potentially mask unauthorized audio recording activities (NVD).

A patch has been released to address this vulnerability. The fix is available through the January 2024 Android security updates. Users are advised to update their Android devices to the latest available security patch level (Android Security Bulletin).