CVE-2024-34722: 
NixOS vulnerability analysis and mitigation

CVE-2024-34722 is a vulnerability discovered in Android's Bluetooth implementation, specifically in the smpprocrand function of smp_act.cc. The vulnerability was disclosed on July 9, 2024, affecting Android versions 12.0, 12.1, 13.0, and 14.0. It involves an authentication bypass during legacy BLE (Bluetooth Low Energy) pairing due to incorrect implementation of a protocol (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The weakness has been classified under CWE-303 (Incorrect Implementation of Authentication Algorithm). The vulnerability exists in the Bluetooth pairing process, specifically during the legacy BLE pairing procedure, where the authentication mechanism can be bypassed (NVD).

The vulnerability could lead to remote escalation of privilege with no additional execution privileges needed. The attack requires no user interaction for exploitation, potentially allowing unauthorized access to affected devices through Bluetooth connections (CVE).

A fix has been implemented and committed to the Android Bluetooth codebase, addressing the authentication bypass issue in the SMP (Security Manager Protocol) implementation (Android Patch).