As part of the TI Product Security Incident Response Team (PSIRT) process, we would like to notify you about the potential unexpected public key crash vulnerability, mentioned as part of the SweynTooth vulnerabilities.
Summary
The Bluetooth Low Energy peripheral implementation in our SimpleLink™ SDK allows reception of the Security Manager Protocol (SMP) public key packet even when the legacy pairing procedure is used. This can allow attackers in radio range to potentially crash the device via a crafted packet, resulting in a denial of service.
When a Bluetooth Low Energy device that is configured in the peripheral role performs the legacy pairing procedure, it is possible to cause a device hard fault by sending an SMP public key packet before the SMP pairing procedure starts. If this behavior is not properly handled in the application, the device can potentially enter a deadlock state, leading to denial of service.
CVSS base score: 5.7
CVSS vector: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected products
Here is the list of affected Bluetooth Low Energy SDKs:
Impacted features
The potential vulnerability can impact Bluetooth Low Energy devices running affected SDK versions that are configured as a Bluetooth Low Energy peripheral and have the legacy pairing procedure enabled.
Suggested mitigations
The following service-pack release addresses the potential vulnerability:
| Affected SDK | SDK version with mitigations | SDK releases with mitigations |
|---|---|---|
| CC2640R2 SDK, BLE-STACK | SDK v3.40.00.10 at http://software-dl.ti.com/simplelink/esd/simplelink_cc2640r2_sdk/3.40.00.10/exports/release_notes_simplelink_cc2640r2_sdk_3_40_00_10.html | 10-Jan-2020 |
| CC2640R2 SDK, BLE5-STACK | | |
| CC13X2-26X2-SDK, BLE5-STACK | SDK v3.40.00.02 at http://software-dl.ti.com/simplelink/esd/simplelink_cc13x2_26x2_sdk/3.40.00.02/exports/docs/Documentation_Overview.html | 20-Dec-2019 |
| CC13x0 SDK, BLE-STACK | SDK v4.10.xx at http://www.ti.com/tool/SIMPLELINK-CC13X0-SDK | 20-Mar-2020 |
| BLE-STACK (support for CC2640/CC2650) | BLE-STACK v2.2.4 at http://www.ti.com/tool/BLE-STACK | 16-Mar-2020 |
[1] Consider subscribing to “Alert Me” at the corresponding SDK download links to be notified of the new SDK releases.
External references
Disclaimer
TI PROVIDES THIS INFORMATION, INCLUDING THE CVSS (COMMON VULNERABILITY SCORING SYSTEM) SCORE, “AS IS” AND WITH ALL FAULTS, AND DISCLAIMS ALL WARRANTIES, EXPRESS AND IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT OF THIRD PARTY INTELLECTUAL PROPERTY RIGHTS. THE CVSS SCORE WAS CALCULATED WITH THE CVSS 3.0 CALCULATOR AND IS BASED ON TI AVAILABLE INFORMATION AND TI ESTIMATES.
This resource is intended for skilled developers designing with TI products. You are solely responsible for (1) selecting the appropriate TI products for your application, (2) designing, validating and testing your application, and (3) ensuring your application meets applicable standards, and any other safety, security, or other requirements. This resource is subject to change without notice. TI grants you permission to use this resource only for development of an application that uses the TI products described in the resource. Other reproduction and display of these resources is prohibited. No license is granted to any other TI intellectual property right or to any third party intellectual property right. TI disclaims responsibility for, and you will fully indemnify TI and its representatives against, any claims, damages, costs, losses, and liabilities arising out of your use of these resources.
TI’s products are provided subject to TI’s Terms of Sale (www.ti.com/legal/termsofsale.html) or other applicable terms available either on ti.com or provided in conjunction with such TI products. TI’s provision of this resource does not expand or otherwise alter TI’s applicable warranties or warranty disclaimers for TI products.
Regards,
Evan Wakefield
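The condition described in the summary above, shown as a receive-side check: an added example, not TI's BLE-STACK code and not part of the original post. The context struct, phase names, `SMP_OK`, `smp_on_public_key` and `smp_demo` are hypothetical; the opcode, AuthReq bit, PDU length and failure reasons are the values defined for SMP in the Bluetooth Core Specification.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Opcode, AuthReq bit and failure reasons per the Bluetooth Core Specification. */
#define SMP_OP_PAIRING_PUBLIC_KEY 0x0C
#define SMP_PUBLIC_KEY_PDU_LEN    65   /* opcode + 32-byte X + 32-byte Y */
#define SMP_AUTHREQ_SC            0x08 /* Secure Connections bit */
#define SMP_ERR_UNSPECIFIED       0x08
#define SMP_ERR_INVALID_PARAMS    0x0A
#define SMP_OK                    0x00 /* hypothetical "accepted" value */
/* Hypothetical pairing phases and per-connection context for this sketch. */
typedef enum { SMP_IDLE, SMP_WAIT_PUBLIC_KEY, SMP_WAIT_CONFIRM } smp_phase_t;
typedef struct {
    smp_phase_t phase;
    uint8_t local_authreq, peer_authreq; /* from Pairing Request/Response */
    uint8_t peer_pubkey[64];
} smp_ctx_t;

/* Returns SMP_OK, or the reason code to send back in Pairing Failed. */
uint8_t smp_on_public_key(smp_ctx_t *c, const uint8_t *pdu, size_t len)
{
    if (!c || !pdu || len < 1 || pdu[0] != SMP_OP_PAIRING_PUBLIC_KEY)
        return SMP_ERR_UNSPECIFIED;
    /* Reject unless pairing has reached key exchange AND both sides set SC;
     * with SC clear on either side the link is doing legacy pairing. */
    if (c->phase != SMP_WAIT_PUBLIC_KEY ||
        !(c->local_authreq & c->peer_authreq & SMP_AUTHREQ_SC))
        return SMP_ERR_UNSPECIFIED;
    /* Exact length check before any copy. */
    if (len != SMP_PUBLIC_KEY_PDU_LEN)
        return SMP_ERR_INVALID_PARAMS;
    memcpy(c->peer_pubkey, pdu + 1, sizeof c->peer_pubkey);
    c->phase = SMP_WAIT_CONFIRM; /* curve-point validation would follow here */
    return SMP_OK;
}

/* Constructed input: zero-filled public key PDU, `len` bytes claimed (<= 80). */
uint8_t smp_demo(smp_phase_t phase, uint8_t local, uint8_t peer, size_t len)
{
    uint8_t pdu[80] = { SMP_OP_PAIRING_PUBLIC_KEY };
    smp_ctx_t c = { phase, local, peer, {0} };
    return smp_on_public_key(&c, pdu, len);
}

int main(void)
{
    printf("idle=%d legacy=%d sc=%d\n", smp_demo(SMP_IDLE, 0x01, 0x01, 65),
           smp_demo(SMP_WAIT_PUBLIC_KEY, 0x01, 0x09, 65), smp_demo(SMP_WAIT_PUBLIC_KEY, 0x09, 0x09, 65));
    return 0;
}
```

A regression test for a patched stack can assert the same three outcomes: rejection before pairing starts, rejection during legacy pairing, and acceptance only in the Secure Connections key exchange step.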
Updated scope of affected BLE_STACK SDK versions for CC26x0 devices to only those versions that support the LE Secure Connections pairing feature.