CVE-2021-3319: 
NixOS vulnerability analysis and mitigation

CVE-2021-3319 is a vulnerability in Zephyr versions >= 2.4.0 that involves incorrect 802154 Frame Validation for Omitted Source/Destination Addresses. The vulnerability was disclosed on October 5, 2021, and affects the Zephyr operating system's IEEE 802.15.4 frame validation implementation (Zephyr Advisory).

The vulnerability stems from improper processing of omitted source and destination addresses in IEEE 802.154 frame validation (ieee802154validateframe). The bug results in value '2' being treated as a struct pointer within 802154 logic, where bytes at addresses 2-8 are endianness swapped. This affects the initial stack pointer and reset vector address in cases where IVT is mapped at address 0. The vulnerability is classified as both a NULL Pointer Dereference (CWE-476) and an Attempt to Access Child of a Non-structure Pointer (CWE-588). The CVSS v3.1 base score is 6.5 (Medium) with vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H (Zephyr Advisory).

The primary impact of this vulnerability is a denial of service (crash of firmware) in most cases. In specific niche situations, there is potential for Remote Code Execution (RCE) by an attacker. The vulnerability could allow an attacker to change the initial stack pointer and reset vector address on some systems, potentially leading to attacker-controlled code being executed during device reset (Zephyr Advisory).

The vulnerability was patched in Zephyr version 2.5.0. The fix involves ensuring that frame validation fails if no valid address is present outside the IEEE802154ADDRMODE_NONE address type. For systems that cannot be immediately updated, no specific workarounds were provided (Zephyr Advisory).