CVE-2023-20750: 
NixOS vulnerability analysis and mitigation

CVE-2023-20750 is a security vulnerability discovered in MediaTek's swpm component that was disclosed in June 2023. The vulnerability involves a possible out-of-bounds write due to a race condition in the system. It affects various MediaTek chipsets including MT6835, MT6886, MT6983, MT6985, and several MT81xx series processors running Android 13.0 (MediaTek Bulletin).

The vulnerability is classified with a CVSS v3.1 Base Score of 4.1 (Medium) with the vector string CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N. It is associated with two Common Weakness Enumeration (CWE) categories: CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization) and CWE-787 (Out-of-bounds Write) (NVD).

The vulnerability can lead to local information disclosure when exploited. The attack requires System execution privileges, but no user interaction is needed for exploitation. The impact is limited to information disclosure without affecting system integrity or availability (MediaTek Bulletin).

MediaTek has addressed this vulnerability through security patches and notified device OEMs of the issues and corresponding security patches at least two months before publication. The fix is identified by Patch ID: ALPS07780926 and Issue ID: ALPS07780928 (MediaTek Bulletin).