CVE-2021-3581: 
NixOS vulnerability analysis and mitigation

A Buffer Access vulnerability with Incorrect Length Value (CVE-2021-3581) was discovered in Zephyr versions 2.5.0 and above. The vulnerability was disclosed on October 5, 2021, affecting the Zephyr Real-Time Operating System (RTOS). This security flaw was identified in the Bluetooth protocol stack implementation (Zephyr Advisory).

The vulnerability stems from insufficient length validation during the SCAN_RSP HCI command processing in the Zephyr Bluetooth protocol stack. The issue is classified as CWE-805 (Buffer Access with Incorrect Length Value) and has been assigned a CVSS v3.1 base score of 8.8 (HIGH) by NIST with a vector of CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The Zephyr Project separately assessed it with a CVSS score of 7.0 (HIGH) with vector CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H (NVD).

The vulnerability can lead to memory overflow conditions where data in memory can be overwritten. This could potentially result in arbitrary code execution. The high severity ratings indicate significant potential impacts on system confidentiality, integrity, and availability (Zephyr Advisory).

The vulnerability has been patched in Zephyr version 2.6.0. Fixes were also provided for various branches including main (#35935), v2.5 (#35984), v2.4 (#35985), and v1.14 (#35983). Users are advised to upgrade to the patched versions to mitigate this vulnerability (Zephyr Advisory).