CVE-2022-1042: 
NixOS vulnerability analysis and mitigation

CVE-2022-1042 is an out-of-bounds write vulnerability discovered in the Zephyr bluetooth mesh core stack that can be triggered during provisioning. The vulnerability affects Zephyr versions up to and including 3.0.0, and was disclosed on July 26, 2022. This security flaw was identified by Han Yan, Lewei Qu, and Dongxiang Ke of Baidu AIoT Security Team (Zephyr Advisory).

The vulnerability occurs when a Transaction Continue PDU is received before the Transaction Start PDU (i.e., start segment lost). In this scenario, the SegN becomes initialized as 0xff, allowing subsequent SegO values up to 63, which leads to an out-of-bounds write condition. When SegO is greater than 2, XACTSEGDATA(seg) exceeds 43, causing data to be copied beyond the 66-byte limit of rx_buf. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 HIGH (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) by NVD, while Zephyr Project rated it as 8.2 HIGH (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L) (NVD).

The vulnerability can lead to out-of-bounds write operations, potentially allowing an attacker to corrupt memory and execute arbitrary code. The CVSS metrics indicate high impacts on confidentiality, with potential compromises to integrity and availability of the affected systems (Zephyr Advisory).

The vulnerability has been fixed through multiple patches: main branch via PR #45066, v3.0 via PR #45135, and v2.7 via PR #45134. Users are advised to update to the patched versions of the Zephyr operating system (Zephyr Advisory).