CVE-2023-4424
NixOS vulnerability analysis and mitigation

Overview

A vulnerability identified as CVE-2023-4424 was discovered in Zephyr OS's Bluetooth Low Energy (BLE) implementation. The vulnerability, disclosed on November 21, 2023, affects Zephyr OS versions up to and including 3.4.0. The issue resides in the BLE advertising packet processing functionality, where a malformed advertising packet can trigger a buffer overflow condition (Zephyr Advisory).

Technical details

The vulnerability exists in the le_advertising_report function within /subsys/bluetooth/controller/hci/hci.c. The issue stems from improper processing of advertising packets when copying data. The vulnerability involves an integer overflow: when adv->len is 1 and BDADDR_SIZE is 6, subtracting the address size from the packet length wraps around in unsigned integer arithmetic and gives a data_len value of 251. Copying that many bytes to adv_info->data[0] then overflows the buffer. Similar vulnerable code patterns were identified in the le_mesh_scan_report and le_ext_adv_legacy_report functions. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 HIGH (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) (NVD).
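The length arithmetic described above, next to a bounds-checked copy, as an added example that is not Zephyr's code or its patch. The struct adv_pdu type, the function names and the ADV_DATA_MAX limit are assumptions made for illustration; only BDADDR_SIZE and the values 1, 6 and 251 come from the text.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BDADDR_SIZE  6   /* address size stated in the analysis above */
#define ADV_DATA_MAX 31  /* assumption: legacy advertising data limit */

/* Hypothetical stand-in for a received report: len counts address + data. */
struct adv_pdu {
    uint8_t len;
    uint8_t payload[BDADDR_SIZE + ADV_DATA_MAX];
};

/* Unchecked pattern: the result is stored in 8 bits, so len = 1 wraps to 251. */
uint8_t unchecked_data_len(uint8_t pdu_len)
{
    return (uint8_t)(pdu_len - BDADDR_SIZE);
}

/* Checked pattern: validate the length before subtracting and before copying.
 * Returns the number of data bytes copied, or -1 for a malformed report. */
int copy_adv_data(const struct adv_pdu *pdu, uint8_t *out, size_t out_size)
{
    if (pdu->len < BDADDR_SIZE) {
        return -1;                      /* too short to hold the address */
    }
    size_t data_len = (size_t)pdu->len - BDADDR_SIZE;
    if (data_len > ADV_DATA_MAX || data_len > out_size) {
        return -1;                      /* longer than source or destination */
    }
    memcpy(out, pdu->payload + BDADDR_SIZE, data_len);
    return (int)data_len;
}

int main(void)
{
    struct adv_pdu malformed = { .len = 1 };   /* constructed sample input */
    uint8_t out[ADV_DATA_MAX];

    printf("unchecked data_len for len=1: %u\n",
           (unsigned)unchecked_data_len(malformed.len));
    printf("checked copy for len=1: %d\n",
           copy_adv_data(&malformed, out, sizeof(out)));
    return 0;
}
```
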

Impact

The vulnerability can lead to Denial of Service (DoS) conditions or potentially Remote Code Execution (RCE) when exploited. The impact is particularly severe as it affects the BLE communication stack, a critical component in IoT and embedded devices. The high CVSS score reflects the potential for complete compromise of system confidentiality, integrity, and availability (Zephyr Advisory).

Mitigation and workarounds

Several patches have been developed to address this vulnerability across different versions of Zephyr OS. These include patches for the main branch (#61651), version 2.7 (#61694), version 3.3 (#61695), and version 3.4 (#61696). Users are advised to update their systems with the appropriate patch (Zephyr Advisory).

This report was generated using AI.
