CVE-2022-26463: 
NixOS vulnerability analysis and mitigation

CVE-2022-26463 is a vulnerability discovered in MediaTek's vow component that was disclosed in September 2022. The vulnerability affects multiple MediaTek chipsets running Android 11.0 and 12.0. It is classified as a Medium severity issue with a CVSS v3.1 base score of 4.4 (NVD, MediaTek Bulletin).

The vulnerability stems from an incorrect bounds check in the vow component that could lead to an out-of-bounds read condition. The vulnerability has been assigned CWE-20 (Improper Input Validation). It received a CVSS v3.1 Vector of CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N, indicating local access, low attack complexity, high privileges required, and no user interaction needed for exploitation (NVD).

If exploited, this vulnerability could lead to local information disclosure with System execution privileges needed. The impact is limited to information disclosure without affecting system integrity or availability (MediaTek Bulletin).

The vulnerability affects multiple MediaTek chipsets including MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8791, and MT8797 running Android 11.0 and 12.0. MediaTek has released security patches to address this vulnerability (MediaTek Bulletin).