CVE-2023-32889: 
NixOS vulnerability analysis and mitigation

A vulnerability identified as CVE-2023-32889 was discovered in MediaTek's Modem IMS Call UA component. The vulnerability was disclosed in January 2024 and affects various MediaTek chipsets running Modem versions NR15, NR16, and NR17. This security flaw is characterized by an out-of-bounds write condition that occurs due to a missing bounds check (Vendor Advisory).

The vulnerability is classified as a CWE-787 Out-of-bounds Write issue. It received a CVSS v3.1 Base Score of 7.5 (HIGH), with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

When exploited, this vulnerability can lead to remote denial of service with no additional execution privileges needed. The attack requires no user interaction for exploitation, making it particularly concerning for affected devices (Vendor Advisory).

MediaTek has addressed this vulnerability through a security patch identified as MOLY01161825. The fix was included in the January 2024 security bulletin, and device manufacturers have been notified of the issue and corresponding security patches at least two months before publication (Vendor Advisory).