CVE-2021-0902: 
NixOS vulnerability analysis and mitigation

CVE-2021-0902 is a security vulnerability discovered in the apusys component of MediaTek chipsets. The vulnerability was disclosed in December 2021 and affects various MediaTek chipset models including MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, and MT8797. The issue affects Android versions 10.0, 11.0, and 12.0 (MediaTek Bulletin).

The vulnerability is classified as an improper input validation issue (CWE-20) that could lead to an out-of-bounds read due to an incorrect bounds check. The vulnerability has been assigned a Medium severity rating. The vulnerability requires System execution privileges for exploitation, and user interaction is not needed for exploitation (MediaTek Bulletin, NVD).

If exploited, this vulnerability could lead to local information disclosure with System execution privileges needed. The impact is limited to local attacks, meaning the attacker would need access to the affected device (MediaTek Bulletin).

MediaTek has addressed this vulnerability and notified device OEMs of the security patches at least two months before the public disclosure. Users should ensure their devices are updated with the latest security patches provided by their device manufacturers (MediaTek Bulletin).