CVE-2022-21779: 
NixOS vulnerability analysis and mitigation

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This vulnerability (CVE-2022-21779) was discovered in July 2022 and affects various MediaTek chipsets running Android 11.0 and 12.0. The vulnerability has been assigned a medium severity rating and requires System execution privileges for exploitation (Vendor Advisory).

The vulnerability is classified as an improper input validation issue (CWE-20) in the WLAN driver. The security flaw could lead to local escalation of privilege with System execution privileges needed. The vulnerability has been assigned a CVSS v3.1 base score of 6.7 MEDIUM (Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) (NVD).

The vulnerability could allow an attacker with System execution privileges to perform a local escalation of privilege through an out of bounds write operation. User interaction is not needed for exploitation, making it a significant security concern for affected systems (Vendor Advisory).

MediaTek has addressed this vulnerability and notified device OEMs of the security patches. The fix was included in the July 2022 security bulletin. Affected devices should be updated to the latest available firmware that includes these security patches (Vendor Advisory).