CVE-2023-20832: 
NixOS vulnerability analysis and mitigation

CVE-2023-20832 is a security vulnerability discovered in the GPS component of MediaTek chipsets. The vulnerability was identified with a medium severity rating and affects multiple MediaTek chipset models. The issue was disclosed in September 2023 as part of MediaTek's Product Security Bulletin (MediaTek Bulletin).

The vulnerability is characterized as an out-of-bounds write vulnerability due to a missing bounds check in the GPS component. It has been assigned a CVSS v3.1 base score of 6.7 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-787 (Out-of-bounds Write) (NVD).

The vulnerability could lead to local escalation of privilege with System execution privileges needed. The exploitation does not require user interaction, making it particularly concerning for system security. The vulnerability affects various software versions including Android 12.0, 13.0, OpenWrt 1907, 2102, Yocto 2.6, and RDK-B 22Q3 (MediaTek Bulletin).

MediaTek has addressed this vulnerability through security patches identified by Patch ID: ALPS08014144 and Issue ID: ALPS08013530. The fix has been distributed to device manufacturers for implementation (MediaTek Bulletin).