CVE-2024-20012: 
NixOS vulnerability analysis and mitigation

CVE-2024-20012 is a type confusion vulnerability discovered in the keyInstall component affecting MediaTek chipsets. The vulnerability was disclosed on February 5, 2024, and affects various MediaTek chipset models running Android 12.0 and 13.0 operating systems. The vulnerability has been assigned a CVSS v3.1 base score of 6.7 (Medium) (NVD, MediaTek Bulletin).

The vulnerability is classified as CWE-843 (Access of Resource Using Incompatible Type - 'Type Confusion'). It exists in the keyInstall component and could lead to local escalation of privilege if exploited. The vulnerability has been assigned a CVSS v3.1 vector string of CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, high privileges required, and no user interaction needed for exploitation (NVD).

If successfully exploited, this vulnerability could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. The vulnerability affects multiple MediaTek chipset models including MT6580, MT6731, MT6735, MT6737, MT6739, and many others (MediaTek Bulletin).

MediaTek has notified device OEMs of the issue and corresponding security patches at least two months before publication. Users should ensure their devices are updated with the latest security patches provided by their device manufacturers (MediaTek Bulletin).