CVE-2023-32822: 
NixOS vulnerability analysis and mitigation

CVE-2023-32822 is a vulnerability discovered in MediaTek's ftm component that was disclosed in October 2023. The vulnerability involves improper input validation that could lead to an out-of-bounds write due to a missing bounds check. This affects various MediaTek chipsets including MT2713, MT6739, MT6761, and several others when running Android 12.0 or 13.0 (Vendor Advisory).

The vulnerability is classified as a CWE-20 (Improper Input Validation) issue with a CVSS v3.1 Base Score of 6.7 (Medium severity). The attack requires local access and high privileges (CVSS Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). The vulnerability specifically affects the ftm component where a missing bounds check could lead to an out-of-bounds write condition (NVD).

If exploited, this vulnerability could lead to local escalation of privilege with System execution privileges. The attack requires no user interaction for exploitation, potentially allowing an attacker with system-level access to elevate their privileges further (Vendor Advisory).

MediaTek has addressed this vulnerability and notified device OEMs of the security patches at least two months before publication. The fix is available for affected devices running Android 12.0 and 13.0 (Vendor Advisory).