CVE-2024-31324: 
NixOS vulnerability analysis and mitigation

CVE-2024-31324 is a security vulnerability in Android's WindowState.java component that affects Android versions 12.0, 12.1, 13.0, and 14.0. The vulnerability was discovered in the hide functionality, where there exists a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode (NVD).

The vulnerability is classified as CWE-1021 (Improper Restriction of Rendered UI Layers or Frames). It has received a CVSS v3.1 base score of 7.3 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H. CISA-ADP has assigned a slightly higher score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

This vulnerability could lead to local escalation of privilege with User execution privileges needed. The successful exploitation requires user interaction and could potentially result in high impacts on confidentiality, integrity, and availability of the affected system (NVD).

A patch has been released to address this vulnerability. The fix involves modifying the window hiding behavior to update visibility immediately if the window itself isn't running a hide animation (Android Git).