CVE-2024-40650: 
NixOS vulnerability analysis and mitigation

A high-severity vulnerability (CVE-2024-40650) was identified in the wifiitemedit_content of styles.xml in Android. The vulnerability affects Android versions 12.0, 12.1, 13.0, and 14.0. This security flaw involves a Factory Reset Protection (FRP) bypass due to a missing check for FRP state (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The flaw is classified under CWE-862 (Missing Authorization) and CWE-358 (Improperly Implemented Security Check for Standard). The vulnerability requires local access but has low attack complexity and requires no user interaction for exploitation (NVD).

This vulnerability could lead to local escalation of privilege with no additional execution privileges needed. The high CVSS score indicates potential severe impacts on confidentiality, integrity, and availability of the affected system (NVD).

Google has released patches for this vulnerability in the September 2024 security bulletin. Users are advised to update their Android devices to the latest security patch level to protect against this vulnerability (GBHackers).