CVE-2024-20002: 
NixOS vulnerability analysis and mitigation

CVE-2024-20002 is a security vulnerability discovered in MediaTek's TVAPI component. The vulnerability was disclosed in February 2024 and affects various MediaTek TV chipsets running Android versions 11.0 through 14.0. The issue stems from a missing bounds check in TVAPI that could potentially lead to an out-of-bounds write condition (MediaTek Bulletin).

The vulnerability is classified as a CWE-787 (Out-of-bounds Write) issue with a CVSS v3.1 Base Score of 6.7 MEDIUM (Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). The technical nature of the vulnerability involves a missing bounds check in the TVAPI component, which could be exploited by an attacker who has already obtained System execution privileges (NVD).

A successful exploitation of this vulnerability could allow a local attacker to achieve escalation of privilege if they have already obtained System execution privileges. The vulnerability affects multiple MediaTek TV chipset models, including MT5583, MT5586, MT5691, MT5695, MT5696, and various MT90xx series chips (MediaTek Bulletin).

MediaTek has addressed this vulnerability and notified device OEMs of the security patches at least two months before the public disclosure. The fix has been made available for affected devices running Android versions 11.0, 12.0, 13.0, and 14.0 (MediaTek Bulletin).