CVE-2021-0632: 
NixOS vulnerability analysis and mitigation

CVE-2021-0632 is a medium severity vulnerability discovered in the MediaTek wifi driver. The vulnerability was disclosed in October 2021 and affects various MediaTek chipsets running Android versions 8.1, 9.0, 10.0, and 11.0. The issue stems from a missing bounds check in the wifi driver component that could expose sensitive information to unauthorized actors (MediaTek Bulletin, NVD).

The vulnerability is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) and involves an out-of-bounds read condition due to a missing bounds check in the wifi driver. The CVSS v3.1 base score is 6.5 (Medium), with the vector string CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating adjacent network attack vector, low attack complexity, no privileges required, and no user interaction needed (NVD).

The vulnerability could lead to remote information disclosure to a proximal attacker under certain build conditions. The attack requires no additional execution privileges and can be executed without user interaction. The impact is limited to information disclosure, with no impact on system integrity or availability (MediaTek Bulletin).

The vulnerability affects multiple MediaTek chipsets including MT6739, MT6761, MT6762, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, and various MT81xx and MT87xx series. Device manufacturers were notified of the security patches at least two months before the public disclosure (MediaTek Bulletin).