CVE-2023-20786: 
NixOS vulnerability analysis and mitigation

CVE-2023-20786 is a medium severity vulnerability discovered in MediaTek's GPS component. The vulnerability was disclosed on August 7, 2023, affecting various MediaTek chipsets running Android 12.0 and 13.0. The issue stems from a missing bounds check in the GPS component that could lead to an out-of-bounds write condition (MediaTek Bulletin).

The vulnerability is classified as an improper input validation issue (CWE-20) that could result in an out-of-bounds write condition. It has been assigned a CVSS v3.1 base score of 6.7 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements with high privileges needed (NVD).

The vulnerability could allow a local attacker to perform an escalation of privilege with System execution privileges. The exploitation does not require user interaction, potentially allowing attackers to gain elevated system access on affected devices (MediaTek Bulletin).

The vulnerability affects multiple MediaTek chipsets including MT2713, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, and several others running Android 12.0 and 13.0. MediaTek has released patches to address this vulnerability, and device manufacturers have been notified of the security patches at least two months before public disclosure (MediaTek Bulletin).