CVE-2021-0623: 
NixOS vulnerability analysis and mitigation

CVE-2021-0623 is a security vulnerability discovered in the ASF extractor component affecting MediaTek chipsets. The vulnerability was disclosed on November 18, 2021. It affects various MediaTek chipset models running Android versions 10.0 and 11.0. The vulnerability is classified as a medium severity issue with a CVSS v3.1 base score of 5.5 (NVD, MediaTek Bulletin).

The vulnerability is classified as an out-of-bounds read vulnerability (CWE-125) caused by an integer overflow in the ASF extractor component. The CVSS v3.1 vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating local access, low complexity, and high confidentiality impact (NVD).

The vulnerability could lead to local information disclosure with no additional execution privileges needed. User interaction is not required for exploitation. The impact is primarily focused on confidentiality, with potential exposure of sensitive information to unauthorized actors (MediaTek Bulletin).

MediaTek has released security patches for the affected chipsets. Device OEMs were notified of the issues and corresponding security patches at least two months before the public disclosure. Users should ensure their devices are updated with the latest security patches (MediaTek Bulletin).