CVE-2022-26464: 
NixOS vulnerability analysis and mitigation

CVE-2022-26464 is a security vulnerability affecting MediaTek chipsets that was disclosed in September 2022. The vulnerability exists in the vow component and is characterized by improper input validation that could lead to local escalation of privilege. The affected systems include various MediaTek chipset models including MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8791, and MT8797 running Android 11.0 and 12.0 (MediaTek Bulletin).

The vulnerability is caused by an incorrect bounds check in the vow component, which could result in an out-of-bounds write condition. The issue requires System execution privileges for exploitation. The vulnerability is classified with CWE-20 (Improper Input Validation) and has been assigned a Medium severity rating (MediaTek Bulletin).

If successfully exploited, this vulnerability could lead to local escalation of privilege on affected devices. The attacker would need System execution privileges to exploit the vulnerability, and user interaction is not required for exploitation (MediaTek Bulletin).

MediaTek has addressed this vulnerability in their September 2022 security patch. Device OEMs were notified of the issue and provided with corresponding security patches at least two months before public disclosure (MediaTek Bulletin).