CVE-2022-32639: 
NixOS vulnerability analysis and mitigation

In watchdog, a vulnerability was discovered that allows a possible out of bounds read due to a missing bounds check. The vulnerability, identified as CVE-2022-32639, was disclosed on January 3, 2023. It affects various MediaTek chipsets including MT6739, MT6768, MT6771, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, and several others running Android versions 11.0 and 12.0 (MediaTek Bulletin).

The vulnerability is classified as a medium severity issue with a CVSS 3.1 Base Score of 4.4. The attack vector is local (AV:L), with low attack complexity (AC:L), requiring high privileges (PR:H), and no user interaction (UI:N). The scope is unchanged (S:U), with high confidentiality impact (C:H), but no impact on integrity (I:N) or availability (A:N) (NVD).

This vulnerability could lead to local escalation of privilege with System execution privileges needed. The out of bounds read vulnerability potentially exposes sensitive information to an unauthorized actor. User interaction is not needed for exploitation (MediaTek Bulletin).

MediaTek has notified device OEMs of this issue and provided corresponding security patches. The vulnerability has been addressed with improved checks, as indicated by the vendor advisory (MediaTek Bulletin).