CVE-2023-20723: 
NixOS vulnerability analysis and mitigation

A vulnerability identified as CVE-2023-20723 was discovered in the Bluetooth component affecting MediaTek chipsets. The vulnerability was disclosed on June 6, 2023, and affects Android versions 11.0, 12.0, and 13.0 running on MediaTek MT8167, MT8175, and MT8183 chipsets. This security flaw is characterized as an out-of-bounds read vulnerability due to a missing bounds check (MediaTek Bulletin).

The vulnerability is classified as a CWE-125 (Out-of-bounds Read) type vulnerability with a CVSS v3.1 base score of 6.7 MEDIUM (Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). The technical issue stems from improper bounds checking in the Bluetooth component, which could allow unauthorized access to memory locations (NVD).

The vulnerability could lead to local escalation of privilege when exploited successfully. The attack requires System execution privileges, and no user interaction is needed for exploitation. The scope of impact is limited to devices running the affected MediaTek chipsets with the vulnerable Bluetooth implementation (MediaTek Bulletin).

MediaTek has released security patches to address this vulnerability. The fix is identified by Patch ID: ALPS07843845. Device manufacturers using the affected chipsets should apply the security updates provided by MediaTek (MediaTek Bulletin).