CVE-2022-20097: 
NixOS vulnerability analysis and mitigation

CVE-2022-20097 is a medium severity vulnerability discovered in MediaTek's aee daemon component. The vulnerability was disclosed on May 3, 2022, and affects various MediaTek chipsets running Android 11.0 and 12.0. The issue is characterized as a Time-of-check Time-of-use (TOCTOU) race condition that could lead to local information disclosure (MediaTek Bulletin).

The vulnerability is classified as a race condition (CWE-367) in the aee daemon component. It can lead to information disclosure due to improper synchronization between operations. The vulnerability requires no additional execution privileges and no user interaction for exploitation. The issue affects a wide range of MediaTek chipsets including MT6580, MT6739, MT6761, and many others (MediaTek Bulletin).

If exploited, the vulnerability could result in local information disclosure on affected devices. The attack requires no additional execution privileges, making it accessible to any local attacker. The vulnerability's scope is limited to local attacks, and no user interaction is required for exploitation (MediaTek Bulletin).

MediaTek has addressed this vulnerability through a security patch identified as ALPS06383944. Device manufacturers using affected MediaTek chipsets should integrate this patch into their software updates (MediaTek Bulletin).