CVE-2022-26447: 
NixOS vulnerability analysis and mitigation

CVE-2022-26447 is a critical vulnerability discovered in MediaTek's BT firmware that was disclosed in September 2022. The vulnerability affects multiple MediaTek chipsets used in smartphones and tablets, including various MT series processors. The flaw stems from a possible out-of-bounds write condition due to a missing bounds check in the BT firmware (Vendor Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (Critical) and is classified as CWE-787 (Out-of-bounds Write). The flaw exists in the BT firmware component and is characterized by improper input validation that could lead to an out-of-bounds write condition (NVD, Security Online).

The vulnerability allows remote code execution with no additional execution privileges needed and requires no user interaction for exploitation. This means an attacker could potentially execute arbitrary code on affected devices remotely, compromising the security of the system (Vendor Advisory, Security Online).

MediaTek has released security patches for the affected devices. The vulnerability affects multiple Android versions (10.0, 11.0, 12.0) and Yocto 3.1. Device manufacturers have been notified of the issues and corresponding security patches at least two months before the public disclosure (Vendor Advisory).