CVE-2024-3332: 
NixOS vulnerability analysis and mitigation

A vulnerability was discovered in the Zephyr Project's Bluetooth host/SMP implementation that could lead to a Denial of Service (DoS) attack. The vulnerability (CVE-2024-3332) was disclosed on July 3, 2024, and affects Zephyr versions up to and including 3.6.0. The issue exists in the smp_error function within subsys/bluetooth/host/smp.c, where a missing null pointer check can lead to a system crash (Zephyr Advisory).

The vulnerability stems from a NULL pointer dereference in the smperror function where smp->chan.chan.conn is not properly validated. The issue occurs during LE Secure Connections (Just Works) pairing when the Controller doesn't support ECC (BTTINYCRYPT_ECC=1). The vulnerability can be triggered through a specific sequence of events involving DHKey computation and verification, followed by connection termination. The CVSS v3.1 score is 6.5 (Medium) with vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (Zephyr Advisory).

When successfully exploited, a malicious BLE device can cause a Denial of Service (DoS) attack on the victim BLE device by triggering a system crash through NULL pointer dereference. The vulnerability affects the availability of the system while having no direct impact on confidentiality or integrity (Zephyr Advisory).

A fix has been proposed in pull request #71030 for the main branch of the Zephyr project. However, no official patched versions are currently available. Users of affected versions should monitor for updates and apply patches when available (Zephyr Advisory).