CVE-2021-3570: 
NixOS vulnerability analysis and mitigation

A vulnerability (CVE-2021-3570) was discovered in the ptp4l program of the linuxptp package, which implements the Precision Time Protocol (PTP) for Linux. The vulnerability stems from a missing length check when forwarding PTP messages between ports. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1, and before 1.5.1 (NVD, Red Hat Bugzilla).

The vulnerability occurs when ptp4l forwards PTP messages between ports. The code uses the messageLength field as the length of transmitted data but fails to validate if this value exceeds the actual length of the received message. The issue has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-787 (Out-of-bounds Write) and CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) (NVD).

The vulnerability can allow a remote attacker to cause information leaks, system crashes, or potentially achieve remote code execution. The highest threats from this vulnerability are to data confidentiality and integrity as well as system availability. On little-endian architectures, the vulnerability becomes particularly dangerous as attackers can craft management messages that cause heap memory corruption during host-to-network order conversion (Red Hat Bugzilla).

The vulnerability has been fixed in multiple versions of linuxptp: version 3.1.1, 2.0.1, 1.9.3, 1.8.1, 1.7.1, 1.6.1, and 1.5.1. Various Linux distributions have released security updates, including Debian (version 1.9.2-1+deb10u1 for buster), Fedora 33 (version 3.1.1-1.fc33), and Fedora 34 (version 3.1.1-1.fc34) (Debian Security, Fedora Update).