CVE-2023-32824: 
NixOS vulnerability analysis and mitigation

CVE-2023-32824 is a security vulnerability discovered in MediaTek's rpmb component. The vulnerability was disclosed in October 2023 and affects various MediaTek chipsets running Android 12.0 and 13.0. The issue involves a possible double free vulnerability due to improper locking mechanisms (MediaTek Bulletin).

The vulnerability is classified as a Double Free (CWE-415) issue that occurs in the rpmb component due to improper locking implementation. It has been assigned a CVSS v3.1 base score of 6.7 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements with high privileges needed (NVD).

The vulnerability could lead to local escalation of privilege with System execution privileges needed. No user interaction is required for exploitation (MediaTek Bulletin).

The vulnerability affects multiple MediaTek chipsets including MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8666, MT8765, and MT8788 running Android 12.0 and 13.0. Users should apply security updates provided by their device manufacturers (MediaTek Bulletin).