CVE-2024-6259: 
NixOS vulnerability analysis and mitigation

CVE-2024-6259 is a vulnerability discovered in the Zephyr Project's Bluetooth Host Controller Interface (HCI) implementation, specifically in the advextreport functionality. The vulnerability was disclosed on September 13, 2024, affecting Zephyr versions up to and including 3.6.0. The issue resides in the improper discarding routine in the bthcileadvext_report function located in /subsys/bluetooth/host/scan.c (Zephyr Advisory).

The vulnerability stems from an improper buffer length check in the cont routine where there is no verification of the remaining buffer before pulling data, leading to an under wrap of the buffer length. This bypass of the subsequent buffer size check results in a heap-based buffer overflow. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) by NIST with vector AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, while the Zephyr Project assessed it at 7.6 (HIGH) with vector CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H. The vulnerability is classified under CWE-787 (Out-of-bounds Write), CWE-122 (Heap-based Buffer Overflow), and CWE-20 (Improper Input Validation) (NVD).

The exploitation of this vulnerability could lead to system instability, resulting in crashes or denial of service attacks. The vulnerability affects the availability of the system with potential impacts on confidentiality and integrity as assessed by the Zephyr Project (Zephyr Advisory).

Patches have been developed and are available through pull requests #74639 for the main branch and #77960 for v3.6. Users are advised to apply these patches to mitigate the vulnerability (Zephyr Advisory).