CVE-2022-32631: 
NixOS vulnerability analysis and mitigation

In Wi-Fi, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. The vulnerability was discovered in 2022 and assigned identifier CVE-2022-32631 (NVD, MediaTek).

The vulnerability is classified as a medium severity issue with a CVSS score of 6.7. It stems from improper input validation in the Wi-Fi component that could lead to an out of bounds write condition. The vulnerability affects multiple MediaTek chipsets including MT6580, MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6895, MT6983 and others running Android versions 11.0, 12.0, 13.0 and Yocto 3.1 (MediaTek).

If exploited, this vulnerability could allow an attacker to achieve local escalation of privilege with System execution privileges. The attack requires System execution privileges but does not need user interaction for exploitation (MediaTek).

MediaTek has released security patches to address this vulnerability. Device OEMs were notified of the issues and corresponding security patches at least two months before publication. Users should ensure their devices are updated with the latest security patches (MediaTek).