CVE-2024-20007: 
NixOS vulnerability analysis and mitigation

CVE-2024-20007 is a vulnerability discovered in MediaTek's mp3 decoder component. The vulnerability was disclosed on February 5, 2024, and affects various MediaTek chipsets running Android versions 12.0, 13.0, and 14.0. The issue involves an out-of-bounds write vulnerability due to a race condition (Vendor Advisory).

The vulnerability is classified as a high-severity issue with a CVSS v3.1 base score of 7.5 (HIGH). It is categorized under CWE-787 (Out-of-bounds Write) and CWE-362 (Race Condition). The vulnerability exists in the mp3 decoder component and could be triggered through a race condition that leads to an out-of-bounds write condition (NVD).

If exploited, this vulnerability could lead to remote escalation of privilege with no additional execution privileges needed. The exploitation requires user interaction, potentially affecting numerous MediaTek chipsets including MT6580, MT6739, MT6761, MT6762, MT6765, and many others across various Android versions (Vendor Advisory).

MediaTek has released patches for the affected devices. The vulnerability has been addressed in the February 2024 security update. Device manufacturers have been notified of the issues and corresponding security patches at least two months before publication (Vendor Advisory).