CVE-2022-26475: 
NixOS vulnerability analysis and mitigation

CVE-2022-26475 is a medium severity vulnerability discovered in MediaTek's WLAN component. The vulnerability was disclosed in October 2022 and affects various MediaTek chipsets running Android 11.0, 12.0, and Yocto 3.1, 3.3. The issue stems from improper input validation in the WLAN component, specifically due to a missing bounds check (MediaTek Bulletin).

The vulnerability is classified as an out-of-bounds write vulnerability (CWE-787) that occurs due to a missing bounds check in the WLAN component. It has been assigned a CVSS v3.1 base score of 6.7 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, high privileges required, and no user interaction needed (NVD).

If exploited, this vulnerability could lead to local escalation of privilege with System execution privileges. The successful exploitation could allow an attacker to gain elevated system privileges on the affected device (MediaTek Bulletin).

MediaTek has released patches for this vulnerability and notified device OEMs. The fix is identified by Patch ID: ALPS07310743 and Issue ID: ALPS07310743. Affected users should update their devices with the latest security patches provided by their device manufacturers (MediaTek Bulletin).