CVE-2023-20846: 
NixOS vulnerability analysis and mitigation

CVE-2023-20846 is a medium severity vulnerability discovered in MediaTek's imgsys_cmdq component. The vulnerability was identified and disclosed in September 2023, affecting various MediaTek chipsets including MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, and MT8781. The issue exists in multiple software versions including Android 11.0, 12.0, Linux 6.1, IOT-v23.0, and Yocto 4.0 (Vendor Advisory).

The vulnerability is classified as an out-of-bounds read vulnerability (CWE-125) that occurs due to missing valid range checking in the imgsys_cmdq component. The vulnerability has been assigned a CVSS v3.1 Base Score of 4.2 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N, indicating local access requirements and high privileges needed for exploitation (NVD).

If exploited, this vulnerability could lead to local information disclosure with System execution privileges required. The impact is limited to information disclosure without affecting system integrity or availability (Vendor Advisory).

MediaTek has addressed this vulnerability through security patches identified as Patch ID: ALPS07354023. Users and manufacturers using affected devices should ensure they have applied the latest security updates provided by their device manufacturers (Vendor Advisory).