CVE-2024-4785: 
NixOS vulnerability analysis and mitigation

A vulnerability in the Bluetooth Low Energy (BLE) controller implementation of Zephyr RTOS versions 3.6 and earlier has been identified. The issue, tracked as CVE-2024-4785, involves a missing validation check in the LLCONNECTIONUPDATE_IND packet processing, which can lead to a division by zero error. The vulnerability was discovered by Wei Che Kao from National Yang Ming Chiao Tung University and was publicly disclosed on August 19, 2024 (Zephyr Advisory).

The vulnerability exists in the function llcppdudecodeconnupdateind within subsys/bluetooth/controller/llsw/ullllcppdu.c, which fails to properly validate packet content before processing. During the Central-initiated Connection Parameters Request procedure, if the Interval parameter is set to zero in a malicious LLCONNECTIONPARAMIND packet, it triggers a division by zero error in the latencyupd calculation (connintervalold / interval). The vulnerability has been assigned a CVSS v3.1 score of 7.6 (High), with attack vector: Adjacent, attack complexity: Low, and no privileges or user interaction required (Zephyr Advisory).

When successfully exploited, this vulnerability allows a malicious BLE device to crash the BLE controller of a peripheral device. The impact primarily affects the availability of the system, with potential minor impacts on confidentiality and integrity. The vulnerability has been rated with High availability impact in the CVSS scoring (Zephyr Advisory).

A fix has been proposed in pull request #72608 for the main branch of the Zephyr project. However, no patched versions are currently available. Users of affected versions should monitor for updates and apply patches when available (Zephyr Advisory).