CVE-2021-0897: 
NixOS vulnerability analysis and mitigation

CVE-2021-0897 is a security vulnerability discovered in the apusys component affecting MediaTek chipsets. The vulnerability was disclosed in December 2021 and affects Android versions 10.0, 11.0, and 12.0. The affected hardware includes several MediaTek chipset models including MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, and MT8797 (MediaTek Bulletin).

The vulnerability is classified as a Time-of-check Time-of-use (TOCTOU) race condition (CWE-367) and an Out-of-bounds Write (CWE-787) issue in the apusys component. It has been assigned a CVSS v3.1 Base Score of 6.7 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements with high privileges needed (NVD).

The vulnerability could lead to local escalation of privilege if exploited successfully. The attack requires System execution privileges, but no user interaction is needed for exploitation (MediaTek Bulletin).

MediaTek has released security patches to address this vulnerability. Device manufacturers were notified of the issue and corresponding security patches at least two months before the public disclosure (MediaTek Bulletin).