CVE-2022-26472: 
NixOS vulnerability analysis and mitigation

CVE-2022-26472 is a vulnerability discovered in the IMS (IP Multimedia Subsystem) component of MediaTek chipsets. The vulnerability was disclosed in October 2022 and affects various MediaTek chipset models running Android versions 10.0, 11.0, and 12.0. This vulnerability involves a parcel format mismatch in the IMS system that could lead to privilege escalation (MediaTek Bulletin).

The vulnerability is classified as a high-severity issue involving deserialization of untrusted data in the IMS component. It is categorized under CWE-502 (Deserialization of Untrusted Data). The vulnerability stems from a parcel format mismatch in the IMS system, which could be exploited without requiring additional execution privileges (MediaTek Bulletin).

If exploited, this vulnerability allows an attacker to achieve local escalation of privilege on affected devices. The attack can be executed without requiring additional execution privileges or user interaction, making it particularly concerning for device security (MediaTek Bulletin).

MediaTek has addressed this vulnerability and notified device OEMs of the security patches. The fix was included in the October 2022 security update. Device manufacturers using affected MediaTek chipsets should apply the security patches provided by MediaTek (MediaTek Bulletin).