All the vulnerabilites related to Texas Instruments - SimpleLink-CC13XX
cve-2021-27502
Vulnerability from cvelistv5
Published
2023-11-21 17:41
Modified
2024-08-03 21:26
Severity ?
EPSS score ?
Summary
Texas Instruments TI-RTOS Integer Overflow or Wraparound
References
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Texas Instruments | CC32XX |
Version: 0 < 4.40.00.07 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:26:09.047Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04" }, { "tags": [ "x_transferred" ], "url": "https://www.ti.com/tool/TI-RTOS-MCU" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "CC32XX", "vendor": "Texas Instruments", "versions": [ { "lessThan": "4.40.00.07", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "SimpleLink MSP432E4XX", "vendor": "Texas Instruments", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "SimpleLink-CC13XX", "vendor": "Texas Instruments", "versions": [ { "lessThan": "4.40.00", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "SimpleLink-CC26XX", "vendor": "Texas Instruments", "versions": [ { "lessThan": "4.40.00", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "SimpleLink-CC32XX", "vendor": "Texas Instruments", "versions": [ { "lessThan": "4.10.03", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "David Atch, Omri Ben Bassat, and Tamir Ariel from Microsoft Section 52, and the Azure Defender for IoT research group reported these vulnerabilities to CISA." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\nTexas Instruments TI-RTOS, when configured to use HeapMem heap(default),\n malloc returns a valid pointer to a small buffer on extremely large \nvalues, which can trigger an integer overflow vulnerability in \n\u0027HeapMem_allocUnprotected\u0027 and result in code execution. \n\n \u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e" } ], "value": "Texas Instruments TI-RTOS, when configured to use HeapMem heap(default),\n malloc returns a valid pointer to a small buffer on extremely large \nvalues, which can trigger an integer overflow vulnerability in \n\u0027HeapMem_allocUnprotected\u0027 and result in code execution." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-21T17:41:08.040Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04" }, { "url": "https://www.ti.com/tool/TI-RTOS-MCU" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eTexas Instruments CC32XX \u2013 Update to v4.40.00.07\u003c/div\u003e\u003cdiv\u003eTexas Instruments SimpleLink CC13X0 \u2013 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html\"\u003eUpdate to v4.10.03\u003c/a\u003e\u003c/div\u003e\u003cdiv\u003eTexas Instruments SimpleLink CC13X2-CC26X2 \u2013 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html\"\u003eUpdate to v4.40.00\u003c/a\u003e\u003c/div\u003e\u003cdiv\u003eTexas Instruments SimpleLink CC2640R2 \u2013 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html\"\u003eUpdate to v4.40.00\u003c/a\u003e\u003c/div\u003e\u003cdiv\u003eTexas Instruments SimpleLink MSP432E4 \u2013 Confirmed. No update currently planned\u003c/div\u003e\n\n\u003cbr\u003e" } ], "value": "Texas Instruments CC32XX \u2013 Update to v4.40.00.07\n\nTexas Instruments SimpleLink CC13X0 \u2013 Update to v4.10.03 https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html \n\nTexas Instruments SimpleLink CC13X2-CC26X2 \u2013 Update to v4.40.00 https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html \n\nTexas Instruments SimpleLink CC2640R2 \u2013 Update to v4.40.00 https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html \n\nTexas Instruments SimpleLink MSP432E4 \u2013 Confirmed. No update currently planned" } ], "source": { "discovery": "EXTERNAL" }, "title": "Texas Instruments TI-RTOS Integer Overflow or Wraparound", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-27502", "datePublished": "2023-11-21T17:41:08.040Z", "dateReserved": "2021-02-19T17:45:42.346Z", "dateUpdated": "2024-08-03T21:26:09.047Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-22636
Vulnerability from cvelistv5
Published
2023-11-20 19:02
Modified
2024-08-03 18:44
Severity ?
EPSS score ?
Summary
Texas Instruments TI-RTOS Integer Overflow or Wraparound
References
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Texas Instruments | CC32XX |
Version: 0 < 4.40.00.07 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:44:13.779Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04" }, { "tags": [ "x_transferred" ], "url": "https://www.ti.com/tool/TI-RTOS-MCU" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "CC32XX", "vendor": "Texas Instruments", "versions": [ { "lessThan": "4.40.00.07", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "SimpleLink MSP432E4XX", "vendor": "Texas Instruments", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "SimpleLink-CC13XX", "vendor": "Texas Instruments", "versions": [ { "lessThan": "4.40.00", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "SimpleLink-CC26XX", "vendor": "Texas Instruments", "versions": [ { "lessThan": "4.40.00", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "SimpleLink-CC32XX", "vendor": "Texas Instruments", "versions": [ { "lessThan": "4.10.03", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "David Atch, Omri Ben Bassat, and Tamir Ariel from Microsoft Section 52, and the Azure Defender for IoT research group reported these vulnerabilities to CISA." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eTexas Instruments TI-RTOS, when configured to use HeapMem heap(default), malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in \u0027HeapMem_allocUnprotected\u0027 and result in code execution. \u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n" } ], "value": "\n\n\n\n\n\n\nTexas Instruments TI-RTOS, when configured to use HeapMem heap(default), malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in \u0027HeapMem_allocUnprotected\u0027 and result in code execution. \n\n\n\n\n\n\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-20T19:04:56.253Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04" }, { "url": "https://www.ti.com/tool/TI-RTOS-MCU" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eTexas Instruments CC32XX \u2013 Update to v4.40.00.07\u003c/div\u003e\u003cdiv\u003eTexas Instruments SimpleLink CC13X0 \u2013 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html\"\u003eUpdate to v4.10.03\u003c/a\u003e\u003c/div\u003e\u003cdiv\u003eTexas Instruments SimpleLink CC13X2-CC26X2 \u2013 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html\"\u003eUpdate to v4.40.00\u003c/a\u003e\u003c/div\u003e\u003cdiv\u003eTexas Instruments SimpleLink CC2640R2 \u2013 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html\"\u003eUpdate to v4.40.00\u003c/a\u003e\u003c/div\u003e\u003cdiv\u003eTexas Instruments SimpleLink MSP432E4 \u2013 Confirmed. No update currently planned\u003c/div\u003e\n\n\u003cbr\u003e" } ], "value": "Texas Instruments CC32XX \u2013 Update to v4.40.00.07\n\nTexas Instruments SimpleLink CC13X0 \u2013 Update to v4.10.03 https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html \n\nTexas Instruments SimpleLink CC13X2-CC26X2 \u2013 Update to v4.40.00 https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html \n\nTexas Instruments SimpleLink CC2640R2 \u2013 Update to v4.40.00 https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html \n\nTexas Instruments SimpleLink MSP432E4 \u2013 Confirmed. No update currently planned\n\n\n\n\n" } ], "source": { "discovery": "EXTERNAL" }, "title": "Texas Instruments TI-RTOS Integer Overflow or Wraparound", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-22636", "datePublished": "2023-11-20T19:02:30.434Z", "dateReserved": "2021-01-05T18:23:02.914Z", "dateUpdated": "2024-08-03T18:44:13.779Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-27429
Vulnerability from cvelistv5
Published
2023-11-20 19:00
Modified
2024-08-03 20:48
Severity ?
EPSS score ?
Summary
Texas Instruments TI-RTOS Integer Overflow or Wraparound
References
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Texas Instruments | CC32XX |
Version: 0 < 4.40.00.07 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:48:17.195Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04" }, { "tags": [ "x_transferred" ], "url": "https://www.ti.com/tool/TI-RTOS-MCU" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "CC32XX", "vendor": "Texas Instruments", "versions": [ { "lessThan": "4.40.00.07", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "SimpleLink MSP432E4XX", "vendor": "Texas Instruments", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "SimpleLink-CC13XX", "vendor": "Texas Instruments", "versions": [ { "lessThan": "4.40.00", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "SimpleLink-CC26XX", "vendor": "Texas Instruments", "versions": [ { "lessThan": "4.40.00", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "SimpleLink-CC32XX", "vendor": "Texas Instruments", "versions": [ { "lessThan": "4.10.03", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "David Atch, Omri Ben Bassat, and Tamir Ariel from Microsoft Section 52, and the Azure Defender for IoT research group reported these vulnerabilities to CISA." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eTexas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values. This can trigger an integer overflow vulnerability in \u0027HeapTrack_alloc\u0027 and result in code execution. \u003c/span\u003e\n\n" } ], "value": "\nTexas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values. This can trigger an integer overflow vulnerability in \u0027HeapTrack_alloc\u0027 and result in code execution. \n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-20T19:00:19.757Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04" }, { "url": "https://www.ti.com/tool/TI-RTOS-MCU" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eTexas Instruments CC32XX \u2013 Update to v4.40.00.07\u003c/div\u003e\u003cdiv\u003eTexas Instruments SimpleLink CC13X0 \u2013 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html\"\u003eUpdate to v4.10.03\u003c/a\u003e\u003c/div\u003e\u003cdiv\u003eTexas Instruments SimpleLink CC13X2-CC26X2 \u2013 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html\"\u003eUpdate to v4.40.00\u003c/a\u003e\u003c/div\u003e\u003cdiv\u003eTexas Instruments SimpleLink CC2640R2 \u2013 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html\"\u003eUpdate to v4.40.00\u003c/a\u003e\u003c/div\u003e\u003cdiv\u003eTexas Instruments SimpleLink MSP432E4 \u2013 Confirmed. No update currently planned\u003c/div\u003e\n\n\u003cbr\u003e" } ], "value": "Texas Instruments CC32XX \u2013 Update to v4.40.00.07\n\nTexas Instruments SimpleLink CC13X0 \u2013 Update to v4.10.03 https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html \n\nTexas Instruments SimpleLink CC13X2-CC26X2 \u2013 Update to v4.40.00 https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html \n\nTexas Instruments SimpleLink CC2640R2 \u2013 Update to v4.40.00 https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html \n\nTexas Instruments SimpleLink MSP432E4 \u2013 Confirmed. No update currently planned\n\n\n\n\n" } ], "source": { "discovery": "EXTERNAL" }, "title": "Texas Instruments TI-RTOS Integer Overflow or Wraparound", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-27429", "datePublished": "2023-11-20T19:00:19.757Z", "dateReserved": "2021-02-19T17:45:42.315Z", "dateUpdated": "2024-08-03T20:48:17.195Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-27504
Vulnerability from cvelistv5
Published
2023-11-21 17:43
Modified
2024-08-03 21:26
Severity ?
EPSS score ?
Summary
Texas Instruments FREERTOS Integer Overflow or Wraparound
References
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Texas Instruments | CC32XX |
Version: 0 < 4.40.00.07 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:26:09.768Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04" }, { "tags": [ "x_transferred" ], "url": "https://www.ti.com/tool/TI-RTOS-MCU" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "CC32XX", "vendor": "Texas Instruments", "versions": [ { "lessThan": "4.40.00.07", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "SimpleLink MSP432E4XX", "vendor": "Texas Instruments", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "SimpleLink-CC13XX", "vendor": "Texas Instruments", "versions": [ { "lessThan": "4.40.00", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "SimpleLink-CC26XX", "vendor": "Texas Instruments", "versions": [ { "lessThan": "4.40.00", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "SimpleLink-CC32XX", "vendor": "Texas Instruments", "versions": [ { "lessThan": "4.10.03", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "David Atch, Omri Ben Bassat, and Tamir Ariel from Microsoft Section 52, and the Azure Defender for IoT research group reported these vulnerabilities to CISA." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\nTexas Instruments devices running FREERTOS, malloc returns a valid \npointer to a small buffer on extremely large values, which can trigger \nan integer overflow vulnerability in \u0027malloc\u0027 for FreeRTOS, resulting in\n code execution.\n\n \n\n \u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e" } ], "value": "Texas Instruments devices running FREERTOS, malloc returns a valid \npointer to a small buffer on extremely large values, which can trigger \nan integer overflow vulnerability in \u0027malloc\u0027 for FreeRTOS, resulting in\n code execution." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-21T17:43:12.120Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04" }, { "url": "https://www.ti.com/tool/TI-RTOS-MCU" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eTexas Instruments CC32XX \u2013 Update to v4.40.00.07\u003c/div\u003e\u003cdiv\u003eTexas Instruments SimpleLink CC13X0 \u2013 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html\"\u003eUpdate to v4.10.03\u003c/a\u003e\u003c/div\u003e\u003cdiv\u003eTexas Instruments SimpleLink CC13X2-CC26X2 \u2013 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html\"\u003eUpdate to v4.40.00\u003c/a\u003e\u003c/div\u003e\u003cdiv\u003eTexas Instruments SimpleLink CC2640R2 \u2013 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html\"\u003eUpdate to v4.40.00\u003c/a\u003e\u003c/div\u003e\u003cdiv\u003eTexas Instruments SimpleLink MSP432E4 \u2013 Confirmed. No update currently planned\u003c/div\u003e\n\n\u003cbr\u003e" } ], "value": "Texas Instruments CC32XX \u2013 Update to v4.40.00.07\n\nTexas Instruments SimpleLink CC13X0 \u2013 Update to v4.10.03 https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html \n\nTexas Instruments SimpleLink CC13X2-CC26X2 \u2013 Update to v4.40.00 https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html \n\nTexas Instruments SimpleLink CC2640R2 \u2013 Update to v4.40.00 https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html \n\nTexas Instruments SimpleLink MSP432E4 \u2013 Confirmed. No update currently planned" } ], "source": { "discovery": "EXTERNAL" }, "title": "Texas Instruments FREERTOS Integer Overflow or Wraparound", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-27504", "datePublished": "2023-11-21T17:43:12.120Z", "dateReserved": "2021-02-19T17:45:42.346Z", "dateUpdated": "2024-08-03T21:26:09.768Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }