CVE-2023-20761: 
NixOS vulnerability analysis and mitigation

CVE-2023-20761 is a security vulnerability discovered in the ril (Radio Interface Layer) component affecting MediaTek chipsets. The vulnerability was disclosed in July 2023 and affects various MediaTek chipsets used in smartphones and tablets running Android versions 12.0 and 13.0. This vulnerability is classified as a medium severity issue that could potentially lead to local privilege escalation (MediaTek Bulletin, NVD).

The vulnerability is characterized as an improper input validation issue in the ril component, specifically due to a missing bounds check which could result in an out-of-bounds write condition. The vulnerability has been assigned a CVSS v3.1 base score of 6.7 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The vulnerability is tracked under CWE-20 (Improper Input Validation) (NVD).

If exploited, this vulnerability could lead to local escalation of privilege with System execution privileges. The successful exploitation requires no user interaction, though it does require local access to the device. The vulnerability affects numerous MediaTek chipsets including MT6739, MT6761, MT6762, MT6763, MT6765, MT6768, and many others (MediaTek Bulletin).

MediaTek has addressed this vulnerability and notified device OEMs of the security patches at least two months before the public disclosure. Users are advised to apply any security updates provided by their device manufacturers to mitigate this vulnerability (MediaTek Bulletin).