CVE-2023-20711: 
NixOS vulnerability analysis and mitigation

In keyinstall, there is a possible out of bounds read vulnerability due to a missing bounds check. The vulnerability was discovered in May 2023 and affects MediaTek chipsets running Android versions 11.0, 12.0, and 13.0. This vulnerability has been assigned CVE-2023-20711 and has been rated as MEDIUM severity with a CVSS v3.1 base score of 4.4 (NVD, MediaTek Bulletin).

The vulnerability is classified as an Out-of-bounds Read (CWE-125) issue that occurs in the keyinstall component. It requires System execution privileges for exploitation and no user interaction is needed. The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N, indicating local access, low attack complexity, high privileges required, and potential for high confidentiality impact (NVD).

The vulnerability could lead to local information disclosure if exploited successfully. Since it requires System execution privileges, the impact is somewhat limited but could still result in unauthorized access to sensitive information on affected devices (MediaTek Bulletin).

MediaTek has released security patches for the affected chipsets. Device OEMs were notified of the issues and corresponding security patches at least two months before the public disclosure. Users should ensure their devices are updated with the latest security patches (MediaTek Bulletin).