CVE-2023-32852: 
NixOS vulnerability analysis and mitigation

In cameraisp, there is a possible information disclosure vulnerability (CVE-2023-32852) affecting MediaTek MT6779 chipset. The vulnerability was discovered and disclosed in December 2023, affecting Android versions 11.0, 12.0, and 13.0. This security issue is due to improper input validation in the cameraisp component (MediaTek Bulletin).

The vulnerability is classified as a CWE-20 (Improper Input Validation) issue. It has been assigned a CVSS v3.1 base score of 4.4 MEDIUM (Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). The vulnerability exists in the cameraisp component and could lead to local information disclosure when exploited (NVD).

If successfully exploited, this vulnerability could lead to local information disclosure with System execution privileges needed. The impact is limited to information disclosure without affecting system integrity or availability (MediaTek Bulletin).

The vulnerability has been addressed and patches have been provided to device OEMs. The fix was included in the December 2023 security updates. Device manufacturers have been notified of the issue and corresponding security patches at least two months before publication (MediaTek Bulletin).