CVE-2023-32872: 
NixOS vulnerability analysis and mitigation

CVE-2023-32872 is a high-severity vulnerability discovered in MediaTek's keyInstall functionality. The vulnerability, identified in January 2024, affects various MediaTek chipsets running Android versions 11.0, 12.0, and 13.0. The issue stems from a possible out-of-bounds write due to a missing bounds check, which could lead to local escalation of privilege with System execution privileges (MediaTek Bulletin).

The vulnerability is classified as CWE-787 (Out-of-bounds Write) with a CVSS v3.1 Base Score of 6.7 (Medium). The attack vector is local (AV:L), with low attack complexity (AC:L), requiring high privileges (PR:H), and no user interaction (UI:N). The scope is unchanged (S:U), with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) (NVD).

If exploited, this vulnerability could allow an attacker who has already obtained System privileges to perform local escalation of privilege. The vulnerability affects a wide range of MediaTek chipsets, including MT6580, MT6731, MT6735, MT6737, MT6739, and many others, potentially impacting numerous Android devices running versions 11.0 through 13.0 (MediaTek Bulletin).

MediaTek has released security patches for the affected devices. Device OEMs were notified of the issues and corresponding security patches at least two months before the public disclosure. Users are advised to ensure their devices are updated with the latest security patches (MediaTek Bulletin).