CVE-2023-20772: 
NixOS vulnerability analysis and mitigation

CVE-2023-20772 is a security vulnerability discovered in MediaTek's vow component. The vulnerability was disclosed in July 2023 and affects various MediaTek chipsets running Android 12.0 and 13.0. The issue stems from a missing permission check that could lead to local privilege escalation (MediaTek Bulletin).

The vulnerability is classified as a medium severity issue with a CVSS v3.1 base score of 6.7 MEDIUM (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). It is categorized as CWE-862 (Missing Authorization) and represents an improper authentication vulnerability. The issue exists in the vow component where a missing permission check could allow privilege escalation without requiring additional execution privileges (NVD).

The vulnerability could allow a local attacker to achieve escalation of privilege without requiring additional execution privileges. No user interaction is needed for exploitation, making it particularly concerning for system security (MediaTek Bulletin).

The vulnerability affects multiple MediaTek chipsets including MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8781, MT8791, MT8791T, and MT8797. Device manufacturers have been notified and provided with security patches (MediaTek Bulletin).