CVE-2023-32836: 
NixOS vulnerability analysis and mitigation

CVE-2023-32836 is a high-severity vulnerability discovered in MediaTek's display component, affecting various Android devices. The vulnerability was disclosed in November 2023 and impacts MediaTek chipsets MT6893, MT6895, MT6983, MT6985, MT8797, and MT8798 running Android versions 11.0, 12.0, and 13.0 (MediaTek Bulletin).

The vulnerability is classified as an out-of-bounds write vulnerability (CWE-787) caused by an integer overflow in the display component. The vulnerability has been assigned a CVSS v3.1 base score of 6.7 (Medium), with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (NVD).

If exploited, this vulnerability could lead to local escalation of privilege with System execution privileges. The successful exploitation could allow an attacker to gain elevated system privileges on the affected device (MediaTek Bulletin).

MediaTek has addressed this vulnerability and provided patches to device manufacturers. The fix was included in the November 2023 security updates. Device manufacturers have been notified of the issue and corresponding security patches at least two months before publication (MediaTek Bulletin).