CVE-2022-32640: 
NixOS vulnerability analysis and mitigation

In meta wifi, there is a possible out of bounds write vulnerability (CVE-2022-32640) that affects MediaTek chipsets. The vulnerability was discovered and disclosed in January 2023, affecting various MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT and Wi-Fi chipsets running Android versions 11.0 and 12.0 (MediaTek Bulletin).

The vulnerability is caused by a missing bounds check in the meta wifi component, which could lead to an out of bounds write condition. The vulnerability has been assigned a Medium severity rating. The issue affects multiple MediaTek chipset series including MT6580, MT6731, MT6735, MT6737, MT6739, and many others. The vulnerability is tracked as CWE-20 (Improper Input Validation) (MediaTek Bulletin).

If exploited, this vulnerability could lead to local escalation of privilege with System execution privileges needed. The exploitation does not require user interaction, making it potentially more dangerous for affected systems (MediaTek Bulletin).

MediaTek has notified device OEMs of the issue and provided corresponding security patches. The vulnerability affects Android versions 11.0 and 12.0, and users should ensure their devices are updated with the latest security patches provided by their device manufacturers (MediaTek Bulletin).