CVE-2021-0628: 
NixOS vulnerability analysis and mitigation

CVE-2021-0628 is a security vulnerability discovered in OMA DRM (Open Mobile Alliance Digital Rights Management) that was disclosed in August 2021. The vulnerability stems from improper input validation that could potentially lead to memory corruption. This vulnerability affects various MediaTek smartphone chipsets running Android versions 10.0 and 11.0 (MediaTek Bulletin).

The vulnerability is classified as a medium severity issue with a CWE-20 (Improper Input Validation) designation. The vulnerability exists in the OMA DRM component and could result in memory corruption due to improper validation of input. The vulnerability requires System execution privileges for exploitation, and user interaction is not necessary for exploitation. The affected chipsets include MT6580, MT6735, MT6739, MT6755S, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6873, MT6877, and MT6885 (MediaTek Bulletin, NVD).

If successfully exploited, this vulnerability could lead to local escalation of privilege with System execution privileges. The vulnerability requires local access to the device for exploitation, which somewhat limits its potential impact (MediaTek Bulletin).

MediaTek has addressed this vulnerability and notified device OEMs of the security patches at least a month before the public disclosure. Users should ensure their devices are updated with the latest security patches provided by their device manufacturers (MediaTek Bulletin).