CVE-2022-26429: 
NixOS vulnerability analysis and mitigation

In cta (a MediaTek component), a vulnerability was discovered that allows writing permission usage records of an app due to a missing permission check. The vulnerability, identified as CVE-2022-26429, was disclosed on August 1, 2022. It affects multiple MediaTek chipsets including MT6580, MT6735, MT6739, and several others running Android 11.0 and 12.0 (Vendor Advisory).

The vulnerability is classified as a Medium severity issue with a CVSS v3.1 Base Score of 7.8 HIGH (Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). It is categorized under CWE-862 (Missing Authorization), indicating a fundamental security control issue in the authorization mechanism (NVD).

This vulnerability could lead to local escalation of privilege with no additional execution privileges needed. The exploit does not require user interaction for exploitation, making it particularly concerning for affected devices (Vendor Advisory).

MediaTek has addressed this vulnerability through security patches. Device OEMs were notified of the issue and corresponding security patches at least two months before the public disclosure. Users should ensure their devices are updated with the latest security patches (Vendor Advisory).