CVE-2021-43400: 
NixOS vulnerability analysis and mitigation

CVE-2021-43400 is a use-after-free vulnerability discovered in gatt-database.c in BlueZ 5.61. The vulnerability was disclosed on November 4, 2021, affecting the BlueZ Bluetooth protocol stack for Linux. The issue occurs when a client disconnects during D-Bus processing of a WriteValue call (NVD, Debian Security).

The vulnerability is classified as a use-after-free (CWE-416) issue with a CVSS v3.1 base score of 9.1 (Critical), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N. The technical issue stems from improper memory handling in the gatt-database.c component when processing WriteValue calls through D-Bus, specifically when a client disconnects during the operation (NVD, Kernel Git).

The vulnerability can lead to a denial of service condition and potential system crashes when exploited. The critical CVSS score indicates high impacts on both confidentiality and integrity of the affected systems (NVD).

The vulnerability was patched in BlueZ version 5.62. Various Linux distributions have released security updates to address this issue. Ubuntu has fixed the vulnerability in multiple versions: 5.60-0ubuntu2.1 for 21.10, 5.56-0ubuntu4.3 for 21.04, 5.53-0ubuntu3.4 for 20.04 LTS, and 5.48-0ubuntu3.6 for 18.04 LTS (Ubuntu Security, Debian LTS).