CVE-2023-32880: 
NixOS vulnerability analysis and mitigation

CVE-2023-32880 is a security vulnerability discovered in the battery component of MediaTek chipsets. The vulnerability was disclosed in January 2024 and affects Android versions 12.0 and 13.0 running on various MediaTek chipset models. The issue stems from a missing bounds check that could lead to information disclosure (MediaTek Bulletin, NVD).

The vulnerability is classified as a medium severity out-of-bounds read issue (CWE-125). It received a CVSS v3.1 base score of 4.4 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N. The vulnerability exists in the battery component where a missing bounds check could allow unauthorized access to system information (NVD).

If exploited, this vulnerability could lead to local information disclosure, but only if the attacker has already obtained System execution privileges. The vulnerability does not require user interaction for exploitation (MediaTek Bulletin).

The vulnerability affects multiple MediaTek chipsets including MT6762, MT6765, MT6833, MT6879, MT6883, MT6885, MT6983, and various MT81xx series models. MediaTek has addressed this issue and provided security patches to device manufacturers (MediaTek Bulletin).