CVE-2023-20686: 
NixOS vulnerability analysis and mitigation

CVE-2023-20686 is a medium severity vulnerability discovered in display drm (Direct Rendering Manager) that was disclosed on April 6, 2023. The vulnerability affects Android devices running versions 12.0 and 13.0 on specific MediaTek chipsets (MT6879, MT6895, MT6983, MT8781) (MediaTek Bulletin).

The vulnerability is classified as an Elevation of Privilege (EoP) issue caused by a race condition that could lead to a double free condition in the display drm component. It has been assigned CWE-662 (Improper Synchronization) as its weakness enumeration. The vulnerability received a CVSS v3.1 base score of 6.4 MEDIUM (Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) (NVD).

A successful exploitation of this vulnerability could allow an attacker to gain SYSTEM privileges on the affected device. The vulnerability requires system execution privileges for exploitation, and no user interaction is needed (MediaTek Bulletin).

MediaTek has released security patches for the affected chipsets. Device manufacturers using the affected MediaTek chipsets have been notified of the vulnerability and corresponding security patches at least two months before the public disclosure (MediaTek Bulletin).