SWRA800 November 2023 TMS320F2800132 , TMS320F2800133 , TMS320F2800135 , TMS320F2800137 , TMS320F2800152-Q1 , TMS320F2800153-Q1 , TMS320F2800154-Q1 , TMS320F2800155 , TMS320F2800155-Q1 , TMS320F2800156-Q1 , TMS320F2800157 , TMS320F2800157-Q1 , TMS320F280033 , TMS320F280034 , TMS320F280034-Q1 , TMS320F280036-Q1 , TMS320F280036C-Q1 , TMS320F280037 , TMS320F280037-Q1 , TMS320F280037C , TMS320F280037C-Q1 , TMS320F280038-Q1 , TMS320F280038C-Q1 , TMS320F280039 , TMS320F280039-Q1 , TMS320F280039C , TMS320F280039C-Q1 , TMS320F28384D , TMS320F28384D-Q1 , TMS320F28384S , TMS320F28384S-Q1 , TMS320F28386D , TMS320F28386D-Q1 , TMS320F28386S , TMS320F28386S-Q1 , TMS320F28388D , TMS320F28388S , TMS320F28P650DH , TMS320F28P650DK , TMS320F28P650SH , TMS320F28P650SK , TMS320F28P659DH-Q1 , TMS320F28P659DK-Q1 , TMS320F28P659SH-Q1
The secure ROM implementation in several C2000 C28-based products can be exploited by an attacker to bypass memory zone protections enforced by the Dual Code Security Mode (DCSM). Attacks on secure memory regions are possible, bypassing the innermost boundary of protections of the DCSM.
TI-PSIRT-2023-080189
Not applicable.
6.7
The following attributes may be affected by this vulnerability:
Enable two features existing on the device:
These two features provide protection from an attacker connecting a debugger or using a bootloader to load code into internal memory. This injected code is required to launch an ROP/gadget attack on secure memory regions. Best cybersecurity coding and testing practices should also be employed on user application code to prevent attackers from loading their code into internal memory. This includes, but is not limited to, secondary bootloaders, firmware update code, and communication stacks.
We would like to thank Zhao Hai from Cyberpeace Tech Co., Ltd. for reporting this vulnerability to the TI Product Security Incident Response Team (PSIRT).