CVE-2023-20780: 
NixOS vulnerability analysis and mitigation

CVE-2023-20780 is a high-severity vulnerability discovered in MediaTek's keyinstall component. The vulnerability stems from a missing bounds check that could lead to information disclosure. This security flaw affects multiple MediaTek chipsets running Android versions 11.0, 12.0, and 13.0, including various MT series processors (Vendor Advisory).

The vulnerability is classified as an Improper Input Validation (CWE-20) issue. It has been assigned a CVSS v3.1 Base Score of 4.4 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N. The vulnerability exists in the keyinstall component and requires System execution privileges for exploitation, though no user interaction is needed (NVD Database).

The vulnerability can lead to local information disclosure when exploited. The attack requires System execution privileges but does not need user interaction for successful exploitation. The impact is limited to information disclosure without affecting system integrity or availability (Vendor Advisory).

MediaTek has addressed this vulnerability in their August 2023 security bulletin. Device OEMs have been notified of the issues and corresponding security patches at least two months before publication. Users should ensure their devices are updated with the latest security patches provided by their device manufacturers (Vendor Advisory).

The vulnerability was part of Android's August 2023 security patches, which addressed over 40 vulnerabilities in total. It was one of the significant vulnerabilities that required attention in MediaTek components (Cybersecurity News).