CVE-2021-27502

Texas Instruments TI-RTOS, when configured to use HeapMem heap(default), malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'HeapMem_allocUnprotected' and result in code execution.

CVSS v3 7.4 HIGH

7.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.4 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04	Third Party Advisory US Government Resource
https://www.ti.com/tool/TI-RTOS-MCU	Product
https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04	Third Party Advisory US Government Resource
https://www.ti.com/tool/TI-RTOS-MCU	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:ti:real-time_operating_system:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:ti:cc3200:-:::::::*
	cpe:2.3:h:ti:cc3220r:-:::::::*
	cpe:2.3:h:ti:cc3220s:-:::::::*
	cpe:2.3:h:ti:cc3220sf:-:::::::*
	cpe:2.3:h:ti:cc3230s:-:::::::*
	cpe:2.3:h:ti:cc3230sf:-:::::::*
	cpe:2.3:h:ti:cc3235s:-:::::::*
	cpe:2.3:h:ti:cc3235sf:-:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:ti:simplelink_cc13xx_software_development_kit::::::::
	cpe:2.3:a:ti:simplelink_cc26xx_software_development_kit::::::::
	cpe:2.3:a:ti:simplelink_cc32xx_software_development_kit::::::::
	cpe:2.3:a:ti:simplelink_msp432e401y:-:::::::*
	cpe:2.3:a:ti:simplelink_msp432e411y:-:::::::*

History

21 Nov 2024, 05:58

Type	Values Removed	Values Added
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 - Third Party Advisory, US Government Resource~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 - Third Party Advisory, US Government Resource
References	~~() https://www.ti.com/tool/TI-RTOS-MCU - Product~~	() https://www.ti.com/tool/TI-RTOS-MCU - Product
CVSS	v2 : ~~unknown~~ v3 : ~~7.8~~	v2 : unknown v3 : 7.4

01 Dec 2023, 20:53

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
References	~~() https://www.ti.com/tool/TI-RTOS-MCU -~~	() https://www.ti.com/tool/TI-RTOS-MCU - Product
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 -~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 - Third Party Advisory, US Government Resource
CPE		cpe:2.3:h:ti:cc3230s:-:::::::* cpe:2.3:h:ti:cc3230sf:-:::::::* cpe:2.3:a:ti:simplelink_cc32xx_software_development_kit:::::::: cpe:2.3:h:ti:cc3220s:-:::::::* cpe:2.3:h:ti:cc3220sf:-:::::::* cpe:2.3:a:ti:simplelink_cc13xx_software_development_kit:::::::: cpe:2.3:h:ti:cc3235sf:-:::::::* cpe:2.3:a:ti:simplelink_msp432e401y:-:::::::* cpe:2.3:h:ti:cc3200:-:::::::* cpe:2.3:a:ti:simplelink_cc26xx_software_development_kit:::::::: cpe:2.3:o:ti:real-time_operating_system:-:::::::* cpe:2.3:a:ti:simplelink_msp432e411y:-:::::::* cpe:2.3:h:ti:cc3235s:-:::::::* cpe:2.3:h:ti:cc3220r:-:::::::*
First Time		Ti simplelink Cc26xx Software Development Kit Ti cc3230s Ti Ti cc3220r Ti cc3235sf Ti cc3200 Ti simplelink Msp432e411y Ti cc3220s Ti cc3230sf Ti cc3220sf Ti simplelink Cc32xx Software Development Kit Ti simplelink Msp432e401y Ti cc3235s Ti simplelink Cc13xx Software Development Kit Ti real-time Operating System
CWE		CWE-190

21 Nov 2023, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-21 18:15

Updated : 2024-11-21 05:58

NVD link : CVE-2021-27502

Mitre link : CVE-2021-27502

CVE.ORG link : CVE-2021-27502

JSON object : View

Products Affected

cc3235s
cc3235sf
simplelink_cc13xx_software_development_kit
cc3230s
cc3220r
cc3200
simplelink_msp432e401y
cc3230sf
real-time_operating_system
simplelink_cc32xx_software_development_kit
simplelink_cc26xx_software_development_kit
cc3220sf
cc3220s
simplelink_msp432e411y

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2021-27502", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.4}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-11-21T18:15:07.510", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.ti.com/tool/TI-RTOS-MCU", "tags": ["Product"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ti.com/tool/TI-RTOS-MCU", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-190"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "Texas Instruments TI-RTOS, when configured to use HeapMem heap(default),\n malloc returns a valid pointer to a small buffer on extremely large \nvalues, which can trigger an integer overflow vulnerability in \n'HeapMem_allocUnprotected' and result in code execution."}, {"lang": "es", "value": "Texas Instruments TI-RTOS, cuando se configura para usar el heap HeapMem (predeterminado), malloc devuelve un puntero v\u00e1lido a un b\u00fafer peque\u00f1o en valores extremadamente grandes, lo que puede desencadenar una vulnerabilidad de desbordamiento de enteros en 'HeapMem_allocUnprotected' y provocar la ejecuci\u00f3n de c\u00f3digo."}], "lastModified": "2024-11-21T05:58:07.200", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ti:real-time_operating_system:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E289611E-871B-433E-BF10-CDABF650AAC9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ti:cc3200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E1738237-A64A-40A3-B201-7E0005CCA3A2"}, {"criteria": "cpe:2.3:h:ti:cc3220r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D436F6E3-B044-457E-B67D-9C76105F0847"}, {"criteria": "cpe:2.3:h:ti:cc3220s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EE6E103B-F34A-477C-907D-B4EAE295D90E"}, {"criteria": "cpe:2.3:h:ti:cc3220sf:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "71ABA01C-4CB1-4DD5-9263-79A58BED3A9B"}, {"criteria": "cpe:2.3:h:ti:cc3230s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E34FD25E-D5C2-40F0-81E2-A8A102934E8C"}, {"criteria": "cpe:2.3:h:ti:cc3230sf:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3408EEBE-25EC-4CEA-8E96-DCFF7C66B3F6"}, {"criteria": "cpe:2.3:h:ti:cc3235s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "370E65A3-17A4-4E05-BB4A-6C09BB5249CA"}, {"criteria": "cpe:2.3:h:ti:cc3235sf:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B06F9E6A-690D-4E95-ADD4-927995EE5523"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ti:simplelink_cc13xx_software_development_kit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97B4CA27-1024-4347-8C0B-A8848950CB5B", "versionEndExcluding": "4.40.00"}, {"criteria": "cpe:2.3:a:ti:simplelink_cc26xx_software_development_kit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCC0C102-7DCB-4959-91C6-ECA8429BB1A2", "versionEndExcluding": "4.40.00"}, {"criteria": "cpe:2.3:a:ti:simplelink_cc32xx_software_development_kit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61CF4AB1-347E-42F9-89FB-350445ED7E70", "versionEndExcluding": "4.10.03"}, {"criteria": "cpe:2.3:a:ti:simplelink_msp432e401y:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "538BC9EE-7C51-41CC-9A58-5FEB3261EF7C"}, {"criteria": "cpe:2.3:a:ti:simplelink_msp432e411y:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC7C493D-DAC1-4FBD-A056-C9D5CF98F9E0"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}

7.4 /10