CVE-2024-20081: 
NixOS vulnerability analysis and mitigation

CVE-2024-20081 is a medium severity vulnerability discovered in the GNSS service affecting various MediaTek chipsets. The vulnerability was disclosed on July 1, 2024, and involves an out-of-bounds write issue due to improper input validation. The affected systems include Android 13.0 and 14.0, openWRT 19.07, 21.02, 23.05, Yocto 2.6, 3.3, 4.0, and RDK-B 22Q3 running on multiple MediaTek chipset models (MediaTek Bulletin).

The vulnerability is classified as CWE-787 (Out-of-bounds Write) with a CVSS v3.1 base score of 6.7 (Medium). The technical assessment shows the following vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating local access vector, low attack complexity, high privileges required, and no user interaction needed for exploitation (NVD).

A successful exploitation of this vulnerability could lead to local escalation of privilege if an attacker has already obtained System execution privileges. The vulnerability affects multiple MediaTek chipset models including MT2735, MT2737, MT6761, MT6765, and several others in the MT series (MediaTek Bulletin).

MediaTek has notified device OEMs of the issue and provided corresponding security patches at least two months before the public disclosure. Users are advised to update their devices with the latest security patches when available from their device manufacturers (MediaTek Bulletin).