PT-2022-10334 · Zephyr · Zephyr

Bronallo-Bd +1 · Published 2022-06-28 · Updated 2023-06-26 · CVE-2021-3433

CVSS v3.1: 4.0 Medium

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Zephyr versions >= v2.5.0

Description

An invalid channel map in a CONNECT_IND results in a deadlock, caused by improper check or handling of exceptional conditions. This is classified as CWE-703.

Recommendations

For Zephyr versions >= v2.5.0, consider temporarily disabling the CONNECT_IND functionality until a patch is available, to prevent deadlocks caused by invalid channel maps. Restrict access to the vulnerable module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2021-3433
GHSA-3C2F-W4V6-QXRP

Affected Products

Zephyr