CVE-2023-32875: 
NixOS vulnerability analysis and mitigation

CVE-2023-32875 is a medium severity vulnerability discovered in MediaTek's keyInstall component. The vulnerability was disclosed in January 2024 and affects multiple MediaTek chipsets running Android versions 11.0, 12.0, and 13.0. The issue stems from a missing bounds check that could lead to information disclosure when exploited (Vendor Advisory).

The vulnerability is classified as an out-of-bounds read (CWE-125) in the keyInstall component. It received a CVSS v3.1 base score of 4.4 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N, indicating local access, low attack complexity, high privileges required, and no user interaction needed for exploitation (NVD).

If exploited, the vulnerability could lead to local information disclosure, but only if the attacker has already obtained System execution privileges. The impact is limited to information disclosure with no ability to modify or destroy data (Vendor Advisory).

MediaTek has addressed this vulnerability and notified device OEMs of the security patches at least two months before publication. Affected devices running Android 11.0, 12.0, or 13.0 should be updated with the latest security patches provided by their respective device manufacturers (Vendor Advisory).