CVE-2023-20809: 
NixOS vulnerability analysis and mitigation

CVE-2023-20809 is a medium severity vulnerability discovered in MediaTek's vdec component. The vulnerability was identified and disclosed in August 2023, affecting various MediaTek chipsets running Android 10.0 and 11.0. The issue stems from a missing bounds check that could potentially lead to an out-of-bounds write condition (MediaTek Bulletin).

The vulnerability is classified as an Out-of-bounds Write (CWE-787) with a medium severity rating. It affects the video decoder (vdec) component of MediaTek systems. The vulnerability requires system execution privileges for exploitation, and no user interaction is needed for exploitation. The issue has been assigned CVSS v3.1 base score of 6.7 MEDIUM (Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) (NVD).

If exploited, this vulnerability could lead to local escalation of privilege on affected devices. The vulnerability affects numerous MediaTek chipset models including MT5583, MT5691, MT5695, and various MT90xx series chips running Android versions 10.0 and 11.0 (MediaTek Bulletin).

MediaTek has addressed this vulnerability through security patches and has notified device OEMs of the issue. The fix was included in the August 2023 security bulletin, with OEMs being notified at least two months prior to public disclosure (MediaTek Bulletin).