CVE-2023-20656: 
NixOS vulnerability analysis and mitigation

CVE-2023-20656 is a high-severity vulnerability discovered in MediaTek's geniezone component. The vulnerability was disclosed on April 6, 2023, and affects various MediaTek chipsets running Android versions 10.0 through 13.0. This write-what-where condition vulnerability could lead to local escalation of privilege with System execution privileges (MediaTek Bulletin).

The vulnerability is classified as a write-what-where condition (CWE-123) in the geniezone component due to a logic error. The vulnerability has been assigned a CVSS v3.1 base score of 6.7 (Medium), with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The vulnerability requires system execution privileges but does not need user interaction for exploitation (NVD).

If exploited, this vulnerability could lead to local escalation of privilege with System execution privileges. The vulnerability affects multiple MediaTek chipset models including MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, and several others, potentially impacting a wide range of Android devices running versions 10.0 through 13.0 (MediaTek Bulletin).

MediaTek has addressed this vulnerability through a security patch identified as ALPS07571494. Device manufacturers using affected MediaTek chipsets have been notified of the issue and corresponding security patches at least two months before the public disclosure (MediaTek Bulletin).