CVE-2021-3322: 
NixOS vulnerability analysis and mitigation

CVE-2021-3322 is a vulnerability discovered in Zephyr versions >= 2.4.0 that involves unexpected pointer aliasing in IEEE 802154 Fragment Reassembly. The vulnerability was disclosed on October 12, 2021, affecting the Zephyr operating system's network stack implementation (Zephyr Advisory).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) issue that occurs in the fragment reassembly cache handling when a fragment is typed for fragmentation but contains the full payload. The bug exists in the fragment reassembly logic within subsys/net/l2/ieee802154/ieee802154_fragment.c. The issue arises when the currently added packet is also the start of the cache list, which happens if the first packet sent contains the full payload. This leads to an unexpected alias between two pointers, and cleanup logic corrupts the packet structure (Zephyr Advisory). The vulnerability has a CVSS v3.1 base score of 6.5 (Medium) with vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability results in a Denial of Service (DoS) condition where an attacker can crash the target system by sending a single malformed IEEE 802154 fragment. When exploited, it leads to a NULL pointer dereference as an assumed-to-be-valid pointer to a network packet structure (Zephyr Advisory).

The vulnerability has been patched in Zephyr version 2.5.0. The fix involves adding a check to the reassembly logic for the packet which is being added to verify if it's also the first one. The patch prevents the pointer aliasing issue that leads to the NULL pointer dereference (Zephyr Advisory).