CVE-2023-20773: 
NixOS vulnerability analysis and mitigation

CVE-2023-20773 is a security vulnerability discovered in MediaTek's vow component that was disclosed in July 2023. The vulnerability is characterized by a missing permission check that could lead to local escalation of privilege. The issue affects various MediaTek chipsets running Android versions 12.0 and 13.0 (MediaTek Bulletin).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 HIGH with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The issue stems from improper authentication (CWE-287) in the vow component, where a missing permission check creates a security gap. No additional execution privileges are required to exploit this vulnerability, and user interaction is not needed for exploitation (NVD).

The vulnerability allows local attackers to escalate privileges on affected systems. Since no additional execution privileges are needed for exploitation and user interaction is not required, the impact is considered significant as it could lead to unauthorized privilege elevation on affected devices (MediaTek Bulletin).

The vulnerability affects multiple MediaTek chipsets including MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8781, MT8791, MT8791T, and MT8797. Users should update their devices to the latest available firmware version that includes the security patch (MediaTek Bulletin).