The November Android security patch fixed a vulnerability that allowed you to unlock your phone using your SIM card.
Developer David Schütz was able to discover a vulnerability that allowed him to bypass the lock screen on his Pixel 5 and 6 by resetting the SIM card’s PIN using the PUK code by next scenario:
1. Lock the device
2. Get the biometric authentication turned off (so that the device asks for the lock screen key only)
3. Pull out the SIM card tray and insert it with the SIM card. (The SIM card PIN entry screen appears)
4. Perform the process of resetting the SIM card PIN using the PUK code. Enter a new PIN code.
5. Your device is unlocked without entering the lock screen key!
David Schütz received $70,000 from Google for discovering the problem.
The fix for CVE-2022-20465 vulnerability has already been uploaded to AOSP Android 10-13, and was rolled out with the November security patch.