CVE-2023-20787: 
NixOS vulnerability analysis and mitigation

CVE-2023-20787 is a medium severity vulnerability discovered in MediaTek's thermal component. The vulnerability was disclosed in August 2023 and affects various MediaTek chipsets running Android 12.0, including MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6883, MT8167, MT8167S, MT8168, MT8321, MT8362A, and MT8365 (MediaTek Bulletin).

The vulnerability is classified as a Time-of-check Time-of-use (TOCTOU) race condition vulnerability (CWE-367) that could lead to a use-after-free condition. The CVSS v3.1 base score is 6.4 (Medium) with the vector string CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H (NVD).

If exploited, this vulnerability could lead to local escalation of privilege with System execution privileges. The impact is limited by the requirement of high privileges for exploitation, though user interaction is not needed (MediaTek Bulletin).

MediaTek has addressed this vulnerability and notified device OEMs of the security patches at least two months before publication. Users should ensure their devices are updated with the latest security patches provided by their device manufacturers (MediaTek Bulletin).