CVE-2023-32864: 
NixOS vulnerability analysis and mitigation

CVE-2023-32864 is a medium severity vulnerability discovered in MediaTek's display DRM component. The vulnerability was disclosed in December 2023 and affects various MediaTek chipsets running Android 12.0 and 13.0. The issue involves an out-of-bounds write vulnerability due to an incorrect bounds check in the display DRM component (MediaTek Bulletin).

The vulnerability is classified as an out-of-bounds write (CWE-787) with a CVSS v3.1 Base Score of 6.7 (Medium). The vulnerability requires local access and high privileges for exploitation, but does not require user interaction. The attack vector is local (AV:L), with low attack complexity (AC:L), requiring high privileges (PR:H), and no user interaction (UI:N). The scope is unchanged (S:U), with high impacts on confidentiality (C:H), integrity (I:H), and availability (A:H) (NVD).

If exploited, this vulnerability could lead to local escalation of privilege with System execution privileges. The vulnerability affects multiple MediaTek chipset series including MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8168, MT8195, and MT8781 (MediaTek Bulletin).

MediaTek has addressed this vulnerability and notified device OEMs of the security patches at least two months before publication. Users should ensure their devices are updated with the latest security patches provided by their device manufacturers (MediaTek Bulletin).