Ti: Security Vulnerabilities
An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 allows a local attacker to obtain sensitive information via the plaintext storage of credentials
CVSS Score
5.5
EPSS Score
0.0
Published
2024-09-12
Texas Instruments TI-RTOS, when configured to use HeapMem heap(default),
malloc returns a valid pointer to a small buffer on extremely large
values, which can trigger an integer overflow vulnerability in
'HeapMem_allocUnprotected' and result in code execution.
CVSS Score
7.4
EPSS Score
0.001
Published
2023-11-21
Texas Instruments devices running FREERTOS, malloc returns a valid
pointer to a small buffer on extremely large values, which can trigger
an integer overflow vulnerability in 'malloc' for FreeRTOS, resulting in
code execution.
CVSS Score
7.4
EPSS Score
0.001
Published
2023-11-21
Texas Instruments TI-RTOS, when configured to use HeapMem heap(default), malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'HeapMem_allocUnprotected' and result in code execution.
CVSS Score
7.4
EPSS Score
0.0
Published
2023-11-20
Texas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values. This can trigger an integer overflow vulnerability in 'HeapTrack_alloc' and result in code execution.
CVSS Score
7.4
EPSS Score
0.0
Published
2023-11-20
The AES implementation in the Texas Instruments OMAP L138 (secure variants), present in mask ROM, suffers from a timing side channel which can be exploited by an adversary with non-secure supervisor privileges by managing cache contents and collecting timing information for different ciphertext inputs. Using this side channel, the SK_LOAD secure kernel routine can be used to recover the Customer Encryption Key (CEK).
CVSS Score
4.4
EPSS Score
0.0
Published
2023-10-19
The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) performs an RSA check implemented in mask ROM when loading a module through the SK_LOAD routine. However, only the module header authenticity is validated. An adversary can re-use any correctly signed header and append a forged payload, to be encrypted using the CEK (obtainable through CVE-2022-25332) in order to obtain arbitrary code execution in secure context. This constitutes a full break of the TEE security architecture.
CVSS Score
8.2
EPSS Score
0.0
Published
2023-10-19
The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) lacks a bounds check on the signature size field in the SK_LOAD module loading routine, present in mask ROM. A module with a sufficiently large signature field causes a stack overflow, affecting secure kernel data pages. This can be leveraged to obtain arbitrary code execution in secure supervisor context by overwriting a SHA256 function pointer in the secure kernel data area when loading a forged, unsigned SK_LOAD module encrypted with the CEK (obtainable through CVE-2022-25332). This constitutes a full break of the TEE security architecture.
CVSS Score
8.2
EPSS Score
0.0
Published
2023-10-19
The Texas Instruments (TI) WiLink WL18xx MCP driver does not limit the number of information elements (IEs) of type XCC_EXT_1_IE_ID or XCC_EXT_2_IE_ID that can be parsed in a management frame. Using a specially crafted frame, a buffer overflow can be triggered that can potentially lead to remote code execution. This affects WILINK8-WIFI-MCP8 version 8.5_SP3 and earlier.
CVSS Score
9.8
EPSS Score
0.539
Published
2023-08-14
An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0. A specially-crafted HTTP request can lead to an uninitialized read. An attacker can send an HTTP request to trigger this vulnerability.
CVSS Score
5.3
EPSS Score
0.02
Published
2022-02-16
Page 1