CVE-2022-32590: 
NixOS vulnerability analysis and mitigation

In wlan, there is a possible use after free vulnerability due to an incorrect status check. This vulnerability was discovered in MediaTek chipsets and assigned CVE-2022-32590. The vulnerability was disclosed on October 7, 2022 and affects multiple MediaTek chipset models including MT6761, MT6762, MT6765, and others running Android 11.0, 12.0 and Yocto 3.1, 3.3 operating systems (Vendor Advisory).

The vulnerability is classified as a use-after-free issue caused by an incorrect status check in the wlan component. It has been assigned CWE-703 (Improper Check or Handling of Exceptional Conditions). The vulnerability has received a CVSS v3.1 base score of 6.7 MEDIUM with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (NVD).

A successful exploitation of this vulnerability could lead to local escalation of privilege with System execution privileges. The vulnerability requires no user interaction for exploitation (Vendor Advisory).

MediaTek has released security patches to address this vulnerability. Device OEMs were notified of the issues and corresponding security patches at least two months before publication. Users are advised to apply the latest security updates provided by their device manufacturers (Vendor Advisory).