CVE-2021-3430: 
NixOS vulnerability analysis and mitigation

CVE-2021-3430 is a vulnerability affecting Zephyr versions >= v1.14, which involves a reachable assertion condition triggered by repeated LL_CONNECTION_PARAM_REQ. The vulnerability was discovered in the Bluetooth functionality of the Zephyr operating system and was later patched in version 2.6.0 (Zephyr Advisory).

The vulnerability is classified as CWE-617 (Reachable Assertion) with a CVSS v3.1 base score of 7.5 (HIGH) according to NVD assessment, while Zephyr Project rated it at 6.5 (MEDIUM). The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating that the vulnerability can be exploited remotely with low attack complexity, requires no privileges or user interaction, and primarily impacts system availability (NVD Database).

The vulnerability affects system availability through an assertion failure, which could potentially lead to system crashes or denial of service when exploited. The impact is primarily focused on the availability aspect, with no direct effect on confidentiality or integrity of the system (NVD Database).

The vulnerability has been patched in Zephyr version 2.6.0. Fixes were implemented through multiple pull requests: #33272 for main branch, #33369 for v2.5, and #33759 for v1.14 (Zephyr Advisory).