CVE-2024-20086: 
NixOS vulnerability analysis and mitigation

CVE-2024-20086 is a vulnerability discovered in MediaTek's vdec component, reported in September 2024. The vulnerability is characterized by a possible out-of-bounds write condition due to a missing bounds check. This affects various MediaTek chipsets running Android 12.0, including MT6765, MT6768, MT6779, MT6785, and several MT8xxx series chips (MediaTek Bulletin).

The vulnerability is classified as CWE-787 (Out-of-bounds Write) with a CVSS v3.1 base score of 6.7 (Medium severity) according to NVD's assessment. The attack vector is local (AV:L), with low attack complexity (AC:L), requiring high privileges (PR:H), and no user interaction (UI:N). The scope is unchanged (S:U), with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) (NVD).

The vulnerability could lead to local escalation of privilege if a malicious actor has already obtained System execution privileges. The impact is significant as it affects multiple MediaTek chipsets and could potentially compromise system security (MediaTek Bulletin).

MediaTek has notified device OEMs of the issue and provided corresponding security patches at least two months before the public disclosure. The vulnerability affects Android 12.0 systems, and users should apply security updates when available from their device manufacturers (MediaTek Bulletin).