CVE-2021-0663: 
NixOS vulnerability analysis and mitigation

CVE-2021-0663 is a heap-based buffer overflow vulnerability discovered in MediaTek's audio DSP driver. The vulnerability was disclosed in October 2021 and affects various MediaTek chipsets running Android versions 9.0, 10.0, and 11.0. The issue stems from an incorrect bounds check in the audio DSP driver component (MediaTek Bulletin).

The vulnerability is classified as a heap-based buffer overflow (CWE-122) that occurs due to an incorrect bounds check in the audio DSP driver. It received a CVSS v3.1 Base Score of 6.7 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements with high privileges needed (NVD).

The vulnerability could lead to local escalation of privilege with System execution privileges. The exploitation does not require user interaction, potentially allowing attackers to gain elevated system privileges on affected devices (MediaTek Bulletin, Hacker News).

MediaTek has addressed the vulnerability and provided patches to device OEMs. The company notified device manufacturers of the issues and corresponding security patches at least two months before public disclosure (MediaTek Bulletin).

The vulnerability was part of a broader security research effort that uncovered multiple vulnerabilities in MediaTek chips, affecting approximately 37% of all smartphones and IoT devices globally. The findings garnered significant attention due to the widespread use of MediaTek chips in mobile devices (Hacker News).