CVE-2022-26470: 
NixOS vulnerability analysis and mitigation

CVE-2022-26470 is a security vulnerability discovered in MediaTek's aie (AI Engine) component, disclosed in September 2022. The vulnerability affects multiple MediaTek chipsets including MT6879, MT6895, MT6983, MT8321, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, and MT8789 running Android 12.0 (MediaTek Bulletin).

The vulnerability is classified as a medium severity issue caused by an improper input validation (CWE-20) in the aie component. The flaw stems from an incorrect bounds check that could lead to an out-of-bounds write condition. The vulnerability has been assigned a CVSS v3.1 base score indicating local access requirements with high privileges needed (MediaTek Bulletin).

If exploited, this vulnerability could lead to local escalation of privilege with System execution privileges. The attack requires no user interaction for exploitation, though it needs local access to the device (MediaTek Bulletin).

MediaTek has addressed this vulnerability and notified device OEMs of the security patches at least two months before the public disclosure. Users are advised to apply security updates provided by their device manufacturers to mitigate this vulnerability (MediaTek Bulletin).