CVE-2022-21750: 
NixOS vulnerability analysis and mitigation

CVE-2022-21750 is a vulnerability discovered in the WLAN driver affecting MediaTek chipsets. The vulnerability was disclosed on June 6, 2022, and affects various MediaTek chipset models running Android versions 11.0 and 12.0. The issue stems from a possible out-of-bounds write condition due to a missing bounds check (MediaTek Bulletin).

The vulnerability is classified as a medium severity issue with a CVSS v3.1 base score of 6.7. It is categorized under CWE-787 (Out-of-bounds Write) and requires System execution privileges for exploitation. The technical nature of the vulnerability involves improper input validation in the WLAN driver, which could lead to an out-of-bounds write condition (NVD).

The vulnerability could lead to local escalation of privilege when successfully exploited. The attack requires System execution privileges, and user interaction is not needed for exploitation. The vulnerability affects multiple MediaTek chipset models including MT6761, MT6779, MT6781, MT6833, MT6853, MT6873, and several others (MediaTek Bulletin).

MediaTek has addressed this vulnerability through a security patch identified as ALPS06521283. The fix has been distributed to device OEMs, who were notified at least two months before the public disclosure (MediaTek Bulletin).