CVE-2024-31323: 
NixOS vulnerability analysis and mitigation

CVE-2024-31323 is a security vulnerability in Android's HealthFitness module that was discovered and reported by Android (associated with Google Inc. or Open Handset Alliance). The vulnerability affects Android 14.0 and involves a tapjacking issue in the onCreate functionality of multiple files, which could potentially allow unauthorized access to health permissions (NVD).

The vulnerability is classified with a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. It is categorized under CWE-1021 (Improper Restriction of Rendered UI Layers or Frames) and CWE-269 (Improper Privilege Management). The vulnerability exists in the onCreate method of multiple files and does not require user interaction for exploitation (NVD).

The vulnerability could lead to local escalation of privilege with no additional execution privileges needed. An attacker could potentially gain unauthorized access to health permissions through tapjacking, potentially compromising sensitive health-related data (NVD).

A patch has been released to address this vulnerability. Users should refer to the Android Security Bulletin for June 2024 for detailed mitigation instructions (Android Security Bulletin, Android Git).