A potential security vulnerability has been identified in TI CC256x and WL18xx dual-mode Bluetooth® controller devices. When Bluetooth Low Energy and the LE scan feature are in use, an attacker may be able to trigger a buffer overflow with a malformed Bluetooth Low Energy advertising packet, causing a denial of service or potentially executing arbitrary code.
TI PSIRT ID: TI-PSIRT-2019-050023
CVE ID: CVE-2019-15948
CVSS base score: 7.6
This potential vulnerability is only exploitable if one of the affected devices mentioned above is configured to use the Bluetooth Low Energy feature and the LE scan (observer) is enabled in Bluetooth Low Energy. If Bluetooth Low Energy is disabled, or is configured in the broadcaster/advertiser role or in the peripheral role with no scan enabled, the exploit is not possible.
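As an added illustration (not TI's firmware or service-pack code, and not a description of the specific defect), the sketch below shows the kind of length validation a scanner applies to a received legacy advertising PDU before copying it into fixed-size buffers. The struct, function name and sample bytes are constructed for this example; it assumes the Bluetooth 4.x legacy PDU layout: a 2-octet header with a 6-bit Length field, then a 6-octet AdvA and at most 31 octets of AdvData.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ADV_HDR_LEN     2   /* header: type/flags octet + length octet */
#define ADV_ADDR_LEN    6   /* AdvA, the advertiser address */
#define ADV_DATA_MAX    31  /* legacy AdvData limit */
#define ADV_PAYLOAD_MAX (ADV_ADDR_LEN + ADV_DATA_MAX)   /* 37 octets */
struct adv_report {         /* hypothetical scan-result record */
    uint8_t type;
    uint8_t addr[ADV_ADDR_LEN];
    uint8_t data[ADV_DATA_MAX];
    uint8_t data_len;
};
/* Constructed samples: a valid ADV_NONCONN_IND, and one whose Length claims 63 */
const uint8_t sample_ok[]  = {0x02, 0x09, 1, 2, 3, 4, 5, 6, 0x02, 0x01, 0x06};
const uint8_t sample_bad[] = {0x02, 0x3F, 1, 2, 3, 4, 5, 6, 0x02, 0x01, 0x06};

/* Returns 0 on success, -1 if the PDU must be dropped. */
int adv_parse(const uint8_t *pdu, size_t rx_len, struct adv_report *out)
{
    if (pdu == NULL || out == NULL || rx_len < ADV_HDR_LEN)
        return -1;
    uint8_t type = pdu[0] & 0x0F;
    size_t claimed = pdu[1] & 0x3F;   /* 6 bits can encode up to 63 */
    /* Accept only PDU types whose payload is AdvA + AdvData */
    if (type != 0x0 && type != 0x2 && type != 0x4 && type != 0x6)
        return -1;
    /* The field can say 63 but the buffers hold 37: reject, do not clamp */
    if (claimed < ADV_ADDR_LEN || claimed > ADV_PAYLOAD_MAX)
        return -1;
    /* The claimed length must match the octets actually received */
    if (claimed != rx_len - ADV_HDR_LEN)
        return -1;
    size_t data_len = claimed - ADV_ADDR_LEN;
    const uint8_t *ad = pdu + ADV_HDR_LEN + ADV_ADDR_LEN;
    /* Walk AD structures [len][type][data...]; each must fit in AdvData */
    for (size_t i = 0; i < data_len; ) {
        size_t ad_len = ad[i];
        if (ad_len == 0) break;                  /* zero length ends the data */
        if (ad_len > data_len - i - 1) return -1;
        i += 1 + ad_len;
    }
    out->type = type;
    memcpy(out->addr, pdu + ADV_HDR_LEN, ADV_ADDR_LEN);
    memcpy(out->data, ad, data_len);             /* data_len <= 31 by now */
    out->data_len = (uint8_t)data_len;
    return 0;
}
```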
The following service-pack releases address the vulnerability described in CVE-2019-15948.
TI would like to thank Veronica Kovah, from Dark Mentor LLC, for reporting this vulnerability to TI PSIRT and working toward a coordinated disclosure.
DATE | REVISION | NOTES |
---|---|---|
November 2019 | * | Initial Release |