CVE-2021-3966: 
NixOS vulnerability analysis and mitigation

The vulnerability (CVE-2021-3966) affects the USB device Bluetooth class in Zephyr versions prior to v3.0.0, discovered and disclosed on February 16, 2022. The vulnerability is related to a buffer overflow implementation in the netbufadd_mem function (GitHub Advisory).

The vulnerability stems from a buffer overflow in the USB device Bluetooth class implementation. When a Zephyr-powered USB Bluetooth device changes status to either configured or resumed, the aclreadcb function is called, which can lead to a buffer overflow condition. The issue occurs because netbufsimple_add does not verify if sufficient buffer space is available, only incrementing buf->len by the provided length and returning the original buffer tail (GitHub Advisory). The vulnerability has a CVSS v3.1 base score of 8.8 (High), with vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (AttackerKB).

An attacker can interactively write arbitrary amounts of data utilizing the USB HCI out endpoint, which will be copied to the destination bypassing buffer boundaries, resulting in an overflow. The impact can range from denial of service and security feature bypass to potential execution of arbitrary code in worst-case scenarios (GitHub Advisory).

The vulnerability affects versions prior to Zephyr v3.0.0. Users should upgrade to a patched version of the software to mitigate this vulnerability (GitHub Advisory).