CVE-2023-20708: 
NixOS vulnerability analysis and mitigation

In keyinstall, there is a possible out of bounds read due to a missing bounds check. This vulnerability (CVE-2023-20708) was discovered and disclosed in May 2023, affecting MediaTek chipsets running Android 11.0, 12.0, and 13.0. The vulnerability impacts a wide range of MediaTek chipset models including MT6580, MT6731, MT6735, and many others (Vendor Advisory).

The vulnerability is classified as a medium severity issue with a CVSS v3.1 base score of 6.7. It is categorized under CWE-20 (Improper Input Validation) and requires system execution privileges for exploitation. The vulnerability specifically involves a missing bounds check in the keyinstall component, which could potentially lead to an out of bounds read condition (NVD).

The successful exploitation of this vulnerability could lead to local escalation of privilege with System execution privileges needed. The vulnerability requires local access and no user interaction is needed for exploitation (Vendor Advisory).

MediaTek has released security patches for the affected devices. Device OEMs were notified of the issues and corresponding security patches at least two months before the public disclosure. Users should ensure their devices are updated with the latest security patches (Vendor Advisory).