CVE-2024-0037: 
NixOS vulnerability analysis and mitigation

CVE-2024-0037 is a vulnerability discovered in Android's SaveUi.java component, specifically in the applyCustomDescription function. The vulnerability was disclosed in February 2024 and affects Android versions 11.0 through 14.0. The issue stems from a missing permission check that could allow unauthorized access to images belonging to different users (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 3.3 (LOW) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. This indicates a local attack vector with low attack complexity, requiring low privileges and no user interaction. The vulnerability is classified under CWE-862 (Missing Authorization) and CWE-922 (Insecure Storage of Sensitive Information) (NVD).

The vulnerability could lead to local information disclosure, specifically allowing unauthorized access to view images belonging to different users. The impact is limited to confidentiality with no effect on integrity or availability of the system (NVD).

Google has released a patch to address this vulnerability in the February 2024 security update. Users are advised to apply the appropriate patches provided by Google to vulnerable systems immediately after appropriate testing (Android Bulletin).