CVE-2023-32861: 
NixOS vulnerability analysis and mitigation

CVE-2023-32861 is a security vulnerability discovered in the display component of Android devices using MediaTek chipsets. The vulnerability was disclosed on December 4, 2023, and affects Android versions 12.0 and 13.0. The issue involves an out-of-bounds read vulnerability due to an incorrect bounds check in the display component (MediaTek Bulletin, NVD).

The vulnerability is classified as an out-of-bounds read (CWE-125) vulnerability in the display component. It received a CVSS v3.1 base score of 6.7 (Medium), with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The issue occurs due to an incorrect bounds check implementation that could allow unauthorized memory access (NVD).

If exploited, this vulnerability could lead to local escalation of privilege with System execution privileges needed. The vulnerability requires no user interaction for exploitation, potentially allowing an attacker to gain elevated system access (MediaTek Bulletin).

The vulnerability affects multiple MediaTek chipsets including MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8167, MT8168, MT8188, MT8195, MT8673. Device manufacturers have been notified and security patches have been made available (MediaTek Bulletin).