CVE-2024-5931: 
NixOS vulnerability analysis and mitigation

CVE-2024-5931 is a vulnerability discovered in the Zephyr Real-Time Operating System (RTOS) affecting versions up to and including 3.6.0. The vulnerability exists in the parse_recv_state function within subsys/bluetooth/audio/bap_broadcast_assistant.c, where unchecked user input in the bap_broadcast_assistant component can lead to a stack overflow condition. The issue was disclosed on September 13, 2024 (Zephyr Advisory).

The vulnerability stems from insufficient validation of the recv_state->num_subgroups parameter, which is determined by user input through net_buf_simple_pull_u8(&buf). This value is directly used as an upper limit in a subsequent for loop without validation against CONFIG_BT_BAP_BASS_MAX_SUBGROUPS, potentially leading to a stack-based buffer overflow. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 MEDIUM (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) by NIST, while the Zephyr Project assessed it at 6.3 MEDIUM (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) (Zephyr Advisory).

The exploitation of this vulnerability could result in system instability or denial of service attacks. The vulnerability affects the system's stability and could potentially lead to a crash when the subgroup exceeds the bounds of the recv_state array (Zephyr Advisory).

Patches have been developed and are available through pull requests #74062 for the main branch and #77966 for v3.6. Users are advised to apply these patches to address the vulnerability (Zephyr Advisory).