CVE-2022-41972

Name of the Vulnerable Software and Affected Versions Contiki-NG versions prior to 4.9

Description The Contiki-NG operating system for IoT devices contains a Bluetooth Low Energy stack that is vulnerable to a NULL Pointer Dereference in the BLE L2CAP module. An attacker can inject a packet into this stack, causing the implementation to dereference a NULL pointer and trigger undefined behavior. This occurs while processing the L2CAP protocol, where the implementation maps an incoming channel ID to its metadata structure. The input l2cap credit function in the os/net/mac/ble/ble-l2cap.c module manages state information regarding credits but does not check if the metadata corresponding to the user-supplied channel ID exists, potentially leading to a NULL pointer dereference.

Recommendations For Contiki-NG versions prior to 4.9, apply the patch in Contiki-NG pull request #2253 as a workaround until the new package is released. As a temporary workaround, consider restricting access to the BLE L2CAP module to minimize the risk of exploitation.