CVE-2021-0893: 
NixOS vulnerability analysis and mitigation

CVE-2021-0893 is a medium severity vulnerability discovered in the apusys component of MediaTek chipsets. The vulnerability was disclosed in December 2021 and affects Android versions 10.0, 11.0, and 12.0 running on various MediaTek chipset models including MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, and MT8797 (MediaTek Bulletin).

The vulnerability is classified as a Use After Free (CWE-416) issue in the apusys component. The technical nature of the vulnerability involves possible memory corruption due to a use after free condition. The vulnerability has been assigned a CVSS v3.1 base score of 6.7 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (NVD).

If exploited, this vulnerability could lead to local escalation of privilege with System execution privileges needed. The vulnerability requires no user interaction for exploitation but does require system-level privileges to execute (MediaTek Bulletin).

MediaTek has released patches for this vulnerability and notified device OEMs of the security patches at least two months before publication. Users should ensure their devices are updated with the latest security patches provided by their device manufacturers (MediaTek Bulletin).