CVE-2024-20010: 
NixOS vulnerability analysis and mitigation

CVE-2024-20010 is a high-severity vulnerability discovered in MediaTek's keyInstall component. The vulnerability was identified and reported internally to MediaTek, with the CVE being created on November 2, 2023. It affects multiple MediaTek chipsets running Android versions 11.0, 12.0, and 13.0, including various MT series processors used in mobile and tablet devices (MediaTek Bulletin).

The vulnerability is classified as a type confusion issue (CWE-843: Access of Resource Using Incompatible Type) in the keyInstall component. It has received a CVSS v3.1 base score of 6.7 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating local access vector, low attack complexity, high privileges required, and no user interaction needed for exploitation (NVD).

The vulnerability could lead to local escalation of privilege if successfully exploited. An attacker who has already obtained System execution privileges could potentially elevate their privileges further on the affected device (MediaTek Bulletin).

MediaTek has addressed this vulnerability and notified device OEMs of the security patches at least two months before the public disclosure. Users should ensure their devices are updated with the latest security patches provided by their device manufacturers (MediaTek Bulletin).