CVE-2021-0899: 
NixOS vulnerability analysis and mitigation

A use-after-free vulnerability was discovered in the apusys component affecting MediaTek chipsets. The vulnerability was assigned CVE-2021-0899 and was disclosed in December 2021. This security flaw affects various MediaTek chipset models including MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, and others running Android versions 10.0, 11.0, and 12.0 (MediaTek Bulletin).

The vulnerability is classified as a use-after-free (CWE-416) issue in the apusys component. It received a CVSS v3.1 base score of 6.7 (Medium), with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The vulnerability requires local access and high privileges for exploitation, but does not require user interaction (NVD).

If exploited, this vulnerability could lead to memory corruption and local escalation of privilege. The attack requires System execution privileges to be successful. The potential impact includes unauthorized elevation of privileges on affected devices (MediaTek Bulletin).

MediaTek has addressed this vulnerability and notified device OEMs of the security patches at least two months before publication. Users of affected devices should ensure they install the latest security updates provided by their device manufacturers (MediaTek Bulletin).