CVE-2025-20746: 
NixOS vulnerability analysis and mitigation

In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This vulnerability, identified as CVE-2025-20746, was discovered and disclosed in November 2025. The vulnerability affects multiple MediaTek chipsets including MT2718, MT2737, MT6835, MT6878, MT6886, MT6897, MT6899, MT6982, MT6985, MT6986, MT6986D, MT6989, MT6990, MT6991, MT8676, MT8678, MT8755, and MT8893 (MediaTek Bulletin).

The vulnerability is classified as a Stack Overflow (CWE-121) with a CVSS v3.1 base score of 6.7 (Medium). The attack requires local access with high privileges, but no user interaction is needed for exploitation. The vulnerability stems from an improper bounds check in the GNSS service component (NVD).

If exploited, this vulnerability could lead to local escalation of privilege if a malicious actor has already obtained System privileges. The vulnerability affects various software platforms including OpenWrt 21.02.0 and 23.05.0, Yocto 4.0, Android 14.0 and 15.0, RDK-B 2024Q1, and Zephyr 3.7.0 (NVD).

MediaTek has released security patches for the affected chipsets. Device OEMs were notified of the issues and corresponding security patches at least two months before the public disclosure. At the time of disclosure, MediaTek was not aware of any active exploitation of this vulnerability in the wild (MediaTek Bulletin).