CVE-2022-26462: 
NixOS vulnerability analysis and mitigation

CVE-2022-26462 is a security vulnerability discovered in MediaTek's vow component, reported in September 2022. The vulnerability is characterized as an out-of-bounds read vulnerability due to an incorrect bounds check. This issue affects various MediaTek chipsets running Android 11.0 and 12.0 operating systems (Vendor Advisory).

The vulnerability is classified as a medium severity issue with a CVSS v3.1 base score of 4.4 (MEDIUM), with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N. The vulnerability is categorized under CWE-125 (Out-of-bounds Read) and CWE-20 (Improper Input Validation). The flaw exists in the vow component where an incorrect bounds check can lead to an out-of-bounds read condition (NVD).

The vulnerability can lead to local information disclosure with System execution privileges required. The successful exploitation of this vulnerability could allow an attacker to access information outside of intended boundaries, potentially exposing sensitive data (Vendor Advisory).

MediaTek has addressed this vulnerability in their September 2022 security bulletin. The fix is identified by Patch ID: ALPS07032660. Affected device manufacturers have been notified of the issue and corresponding security patches at least two months before the public disclosure (Vendor Advisory).