CVE-2025-20747: 
NixOS vulnerability analysis and mitigation

CVE-2025-20747 is a medium severity vulnerability discovered in the GNSS (Global Navigation Satellite System) service of MediaTek chipsets. The vulnerability was disclosed on November 4, 2025, and involves an out-of-bounds write vulnerability due to an incorrect bounds check. This security flaw affects multiple MediaTek chipset models including MT2718, MT2737, MT6835, MT6878, MT6886, MT6897, MT6899, MT6982, MT6985, MT6986, MT6986D, MT6989, MT6990, MT6991, MT8676, MT8678, MT8755, and MT8893 (MediaTek Bulletin).

The vulnerability is classified as a Stack-based Buffer Overflow (CWE-121) and Out-of-bounds Write (CWE-787). According to the CVSS 3.1 scoring system, it has received a base score of 6.7 MEDIUM (Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). The vulnerability requires local access and high privileges for exploitation, but no user interaction is needed (NVD).

If successfully exploited, this vulnerability could lead to local escalation of privilege, but only if the attacker has already obtained System privileges. The potential impact includes unauthorized elevation of privileges within the affected system (NVD).

MediaTek has addressed this vulnerability through a security patch (Patch ID: ALPS10010443; Issue ID: MSV-3966). Device OEMs were notified of the issue and corresponding security patches at least two months before the public disclosure (MediaTek Bulletin).