CVE-2022-2741: 
NixOS vulnerability analysis and mitigation

CVE-2022-2741 is a denial-of-service vulnerability affecting the Bosch M_CAN driver back-end in the Zephyr Real-Time Operating System (RTOS) versions up to and including 3.1.0. The vulnerability was discovered during the investigation of issue #47204 and was publicly disclosed on October 24, 2022. The affected hardware includes NXP LPCxpresso5500 series, ST STM32H7 series, ST STM32G4 series, ST STM32U5 series, Atmel SAME70 series, and Atmel SAMV71 series (Zephyr Advisory).

The vulnerability exists in the Bosch M_CAN driver back-end interrupt service routine. The denial-of-service condition can be triggered by transmitting a specially crafted CAN frame on the same CAN network as the vulnerable node. The attack requires the frame to have a CAN ID matching an installed filter in the vulnerable node and must contain the opposite RTR bit as what the filter installed in the vulnerable node contains. When exploited, the frame is never acknowledged and keeps being read from the hardware FIFO, causing an endless loop in the interrupt service routine. The vulnerability has been assigned a CVSS v3.1 base score of 8.2 (High) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H (Zephyr Advisory).

When successfully exploited, this vulnerability results in a denial-of-service condition that affects the availability of the targeted system. The attack can be executed remotely through the CAN network, requiring no user interaction or special privileges. While there is no impact on confidentiality, there is a low impact on integrity and a high impact on availability of the affected system (Zephyr Advisory).

Several patches have been developed to address this vulnerability: main branch (#47903), v3.1 branch (#47958), v3.0 branch (#47958), and v2.7 branch (#47959). Users are advised to apply the appropriate patch for their version (Zephyr Advisory).