CVE-2022-20058: 
NixOS vulnerability analysis and mitigation

CVE-2022-20058 is a medium severity vulnerability affecting MediaTek's preloader (USB) component. The vulnerability was discovered and disclosed in March 2022. It affects multiple MediaTek chipsets including MT6761, MT6762, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6893, and various MT8xxx series chips running Android versions 10.0, 11.0, and 12.0 (MediaTek Bulletin).

The vulnerability is classified as an out-of-bounds write issue (CWE-787) in the preloader's USB component. The security flaw occurs due to a missing bounds check in the code, which could potentially allow unauthorized write operations beyond intended memory boundaries (MediaTek Bulletin).

If exploited, this vulnerability could lead to local escalation of privilege. However, the impact is somewhat limited as it requires an attacker to have physical access to the device. The vulnerability has been assigned a medium severity rating, indicating moderate potential impact on affected systems (MediaTek Bulletin).

MediaTek has addressed this vulnerability by notifying device OEMs and providing corresponding security patches. The fix was made available to OEMs at least two months before the public disclosure in March 2022. Users should ensure their devices are updated with the latest security patches provided by their device manufacturers (MediaTek Bulletin).