CVE-2021-0895: 
NixOS vulnerability analysis and mitigation

In apusys, there is a possible out of bounds write vulnerability due to a missing bounds check. The vulnerability was discovered and disclosed in December 2021, affecting MediaTek chipsets including MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, and others running Android versions 10.0, 11.0, and 12.0. This vulnerability is tracked as CVE-2021-0895 with a CVSS v3.1 base score of 6.7 (Medium) (NVD, Vendor Advisory).

The vulnerability is classified as CWE-787 (Out-of-bounds Write) and requires System execution privileges for exploitation. The CVSS vector is CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, high privileges required, and no user interaction needed. The vulnerability exists in the apusys component and could lead to local escalation of privilege (NVD).

If exploited, this vulnerability could lead to local escalation of privilege with System execution privileges. The potential impact affects the confidentiality, integrity, and availability of the system, as indicated by the CVSS metrics showing High impact ratings for all three security objectives (NVD).

MediaTek has addressed this vulnerability in their security updates. Device OEMs were notified of the issue and corresponding security patches at least two months before publication. Users should ensure their devices are updated with the latest security patches provided by their device manufacturers (Vendor Advisory).