Lucene search

IcscertCVELIST:CVE-2021-22636

HistoryNov 20, 2023 - 7:02 p.m.

CVE-2021-22636 Texas Instruments TI-RTOS Integer Overflow or Wraparound

2023-11-2019:02:30

CWE-190

icscert

www.cve.org

texas instruments

ti-rtos

heapmem

integer overflow

vulnerability

code execution

7.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.5%

JSON

Texas Instruments TI-RTOS, when configured to use HeapMem heap(default), malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in ‘HeapMem_allocUnprotected’ and result in code execution.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "CC32XX",
    "vendor": "Texas Instruments",
    "versions": [
      {
        "lessThan": "4.40.00.07",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SimpleLink MSP432E4XX",
    "vendor": "Texas Instruments",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SimpleLink-CC13XX",
    "vendor": "Texas Instruments",
    "versions": [
      {
        "lessThan": "4.40.00",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SimpleLink-CC26XX",
    "vendor": "Texas Instruments",
    "versions": [
      {
        "lessThan": "4.40.00",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SimpleLink-CC32XX",
    "vendor": "Texas Instruments",
    "versions": [
      {
        "lessThan": "4.10.03",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-21-119-04

www.ti.com/tool/TI-RTOS-MCU

7.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.5%

JSON

Related for CVELIST:CVE-2021-22636