CVE-2022-1841: 
NixOS vulnerability analysis and mitigation

A vulnerability identified as CVE-2022-1841 was discovered in the Zephyr RTOS TCP implementation. The issue affects versions up to and including Zephyr v3.0, specifically in the tcp_flags function within the subsys/net/ip/tcp.c file. The vulnerability was disclosed on August 25, 2022 (GitHub Advisory).

The vulnerability is an out-of-bounds write issue in the tcpflags function. When processing TCP packets, the function does not properly validate the thflags field in the TCP header. Specifically, when the incoming parameter flags is ECN or CWR, the function attempts to write a null byte (\0) to buf[0-1] when len is 0, resulting in an out-of-bounds write that can modify other data on the stack. The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N (AttackerKB).

The vulnerability allows an attacker to perform an out-of-bounds write operation, potentially modifying data on the stack. This can lead to integrity violations and potential system instability. The CVSS scoring indicates that while confidentiality is not impacted, there are low impacts on both integrity and availability of the system (GitHub Advisory).

The vulnerability has been patched in the Zephyr project through pull request #45796. Users are advised to upgrade to a patched version of the software. The fix was implemented after the vulnerability was disclosed on August 18, 2022 (GitHub Advisory).