security: docs: Add CVE-2021-3966

Flavio Ceolin · nashif · commit e14d07a8697e · 2022-02-17T19:05:08.000-05:00
Add information about CVE-2021-3966

Signed-off-by: Flavio Ceolin &lt;flavio.ceolin@intel.com&gt;
diff --git a/doc/security/vulnerabilities.rst b/doc/security/vulnerabilities.rst
@@ -1140,3 +1140,19 @@ This has been fixed in main for v3.0.0
 
 - `PR 39725 fix for main
   <https://github.com/zephyrproject-rtos/zephyr/pull/39725>`_
+
+CVE-2021-3966
+-------------
+
+Usb bluetooth device ACL read cb buffer overflow
+
+This has been fixed in main for v3.0.0
+
+- `Zephyr project bug tracker GHSA-hfxq-3w6x-fv2m
+  <https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hfxq-3w6x-fv2m>`_
+
+- `PR 42093 fix for main
+  <https://github.com/zephyrproject-rtos/zephyr/pull/42093>`_
+
+- `PR 42167 fix for v2.7.0
+  <https://github.com/zephyrproject-rtos/zephyr/pull/42167>`_
