CVE-2020-10069: 
NixOS vulnerability analysis and mitigation

CVE-2020-10069 affects the Zephyr operating system's Bluetooth implementation. The vulnerability was discovered in versions >= v1.14.2 and >= v2.2.0, where unchecked packet data in the Bluetooth component could lead to denial of service conditions. The issue was publicly disclosed on May 25, 2021, and involves improper handling of parameters (CWE-233) (Zephyr Advisory).

The vulnerability is characterized by improper handling of parameters in the Bluetooth implementation, which can result in an assertion failure or division by zero condition. The severity of this vulnerability has been assessed with multiple CVSS scores: NVD assigned a CVSS v3.1 Base Score of 6.5 (MEDIUM) with vector AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, while the Zephyr Project assigned a score of 4.3 (MEDIUM) with vector CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (NVD).

When exploited, this vulnerability can cause a denial of service condition in affected Zephyr systems. The impact is limited to availability, with no direct effect on confidentiality or integrity of the system (Zephyr Advisory).

The vulnerability has been patched in multiple versions: v1.14-branch through PR #23091, v2.2.0 through PR #23963, and v2.3.0 through PRs #23705 and #23706. Users are advised to upgrade to these patched versions to mitigate the vulnerability (Zephyr Advisory).