CVE-2022-26428: 
NixOS vulnerability analysis and mitigation

In video codec, there is a possible memory corruption due to a race condition that affects MediaTek chipsets. The vulnerability (CVE-2022-26428) was discovered and disclosed in August 2022, affecting multiple MediaTek chipset models including MT6739, MT6761, MT6765, MT6771, MT8163, MT8167, MT8173, MT8183, MT8362A, MT8385, and MT8695 running Android 11.0 and 12.0 (MediaTek Bulletin).

The vulnerability is classified as a race condition (CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization) in the video codec component. It has been assigned a Medium severity rating. The technical issue involves improper synchronization when accessing shared resources, which could potentially lead to memory corruption (MediaTek Bulletin).

This vulnerability could lead to local escalation of privilege with System execution privileges needed. The exploitation does not require user interaction, making it potentially more dangerous for affected systems (MediaTek Bulletin).

MediaTek has addressed this vulnerability and notified device OEMs of the security patches at least two months before the public disclosure. Users of affected devices should ensure they install the latest security updates provided by their device manufacturers (MediaTek Bulletin).