CVE-2023-20803: 
NixOS vulnerability analysis and mitigation

CVE-2023-20803 is a medium severity vulnerability discovered in MediaTek's imgsys component. The vulnerability was disclosed on August 7, 2023, affecting various MediaTek chipsets running Android 12.0, 13.0, and IOT-v23.0 (Yocto 4.0) systems. The issue stems from improper input validation that could potentially lead to memory corruption (MediaTek Bulletin).

The vulnerability is classified as a memory corruption issue due to improper input validation in the imgsys component. It has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H. The vulnerability is tracked under CWE-119 (Improper Input Validation) category (NVD).

If exploited, this vulnerability could allow an attacker to achieve local escalation of privilege with System execution privileges. The exploitation requires user interaction and could result in memory corruption on affected devices (MediaTek Bulletin).

The vulnerability affects multiple MediaTek chipsets including MT2713, MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, and MT8673. MediaTek has released security patches to address this vulnerability. Device manufacturers using affected chipsets should update their systems with the latest security patches (MediaTek Bulletin).