CVE-2023-20700: 
NixOS vulnerability analysis and mitigation

CVE-2023-20700 is a vulnerability discovered in the widevine component affecting MediaTek chipsets. The vulnerability was disclosed in May 2023 and affects Android versions 11.0 and 12.0. The issue involves an out-of-bounds write vulnerability due to a logic error in the widevine component (MediaTek Bulletin).

The vulnerability is classified as a medium severity issue with a CVSS v3.1 base score of 6.7 (MEDIUM). The vulnerability type is identified as CWE-787 (Out-of-bounds Write). The vulnerability exists in the widevine component and could lead to local escalation of privilege when exploited. System execution privileges are required for exploitation, and user interaction is not needed (NVD).

The vulnerability affects multiple MediaTek chipsets including MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8768, MT8786, MT8788, MT8789, and MT8797. If successfully exploited, it could lead to local escalation of privilege with System execution privileges (MediaTek Bulletin).

MediaTek has released security patches for the affected devices. Device OEMs were notified of the issues and corresponding security patches at least two months before the public disclosure (MediaTek Bulletin).