CVE-2022-20093: 
NixOS vulnerability analysis and mitigation

CVE-2022-20093 is a security vulnerability discovered in MediaTek's telephony system that was disclosed on May 3, 2022. The vulnerability affects various MediaTek chipsets running Android versions 10.0, 11.0, and 12.0. It involves a missing permission check in the telephony system that could allow unauthorized disabling of SMS message reception (MediaTek Bulletin).

The vulnerability is classified as a Missing Authorization issue (CWE-862) with a Medium severity rating. The security flaw exists in the telephony component where a permission check is absent, potentially allowing unauthorized control over SMS message reception functionality. The vulnerability affects a wide range of MediaTek chipsets, including MT6731, MT6732, MT6735, and many others across multiple Android versions (MediaTek Bulletin).

If exploited, this vulnerability could lead to local escalation of privilege, allowing an attacker to disable SMS message reception on the affected device. The exploitation does not require additional execution privileges or user interaction, making it particularly concerning for device security (MediaTek Bulletin).

MediaTek has addressed this vulnerability and provided security patches to device manufacturers. The fix was included in the May 2022 security bulletin. Users are advised to ensure their devices are updated with the latest security patches provided by their device manufacturers (MediaTek Bulletin).