CVE-2021-0678: 
NixOS vulnerability analysis and mitigation

CVE-2021-0678 is a security vulnerability discovered in the apusys component of MediaTek chipsets. The vulnerability was disclosed in December 2021 and affects various MediaTek chipset models including MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, and others. This vulnerability is characterized by a possible out-of-bounds write condition due to a missing bounds check in the system (MediaTek Bulletin).

The vulnerability is classified as a CWE-119 type, which refers to an Improper Restriction of Operations within the Bounds of a Memory Buffer. It has been assigned a CVSS v3.1 Base Score of 6.7 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The vulnerability affects Android versions 10.0, 11.0, and 12.0 running on the affected MediaTek chipsets (NVD).

If exploited, this vulnerability could lead to local escalation of privilege with System execution privileges. The vulnerability requires System execution privileges for exploitation, but user interaction is not needed for exploitation (MediaTek Bulletin).

MediaTek has addressed this vulnerability and notified device OEMs of the security patches at least two months before the public disclosure. The fix was included in the December 2021 security bulletin (MediaTek Bulletin).