CVE-2022-20082: 
NixOS vulnerability analysis and mitigation

A high-severity vulnerability identified as CVE-2022-20082 was discovered in MediaTek's GPU implementation. The vulnerability was disclosed in July 2022 and affects various MediaTek chipsets running Android versions 10.0, 11.0, and 12.0. The issue stems from a race condition that could lead to a use-after-free scenario in the GPU component (MediaTek Bulletin).

The vulnerability is classified as a Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) vulnerability, identified as CWE-362. It received a CVSS v3.1 score indicating high severity with the following vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability affects multiple MediaTek chipsets including MT6768, MT6769, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, and MT6983 (NVD).

The vulnerability could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not required for exploitation, making it particularly concerning from a security perspective (MediaTek Bulletin).

MediaTek has addressed this vulnerability and notified device OEMs of the security patches at least two months before the public disclosure. Users should ensure their devices are updated with the latest security patches provided by their device manufacturers (MediaTek Bulletin).