SWRA677 June   2020 CC1350 , CC2640R2F , CC2640R2F-Q1 , CC2642R , CC2642R-Q1 , CC2650 , CC2652P , CC2652R , CC2652R7 , CC2652RB , CC2652RSIP , CC3200 , CC3220MOD , CC3220MODA , CC3220R , CC3220S , CC3220SF , CC3235MODAS , CC3235MODASF , CC3235MODS , CC3235MODSF , CC3235S , CC3235SF , MSP432E401Y , MSP432E411Y

 

  1.   1
  2.   TI-PSIRT-2019-080030

TI-PSIRT-2019-080030

Publication date: June 5, 2020

Summary

The signature verification implementation uses a non-constant time memcmp function, which enables the MAC check to be potentially vulnerable to a timing attack.

CVSS base score: 7.5

CVSS vector: https://www.first.org/cvss/calculator/3.0

Affected products and versions

  • CC26X0
  • CC13X0
  • CC2640R2
  • CC26X2
  • CC13X2
  • MSP432E4
  • CC32XX

Potentially impacted features

  • CC26X0, CC13X0: AES CCM
  • CC26X2, CC13X2: AES CCM, AES GCM, ECDSA, ECJPAKE
  • MSP432E4: AES CCM, AES GCM
  • CC32XX: HMAC

Suggested mitigations

The following service pack releases address the potential vulnerability:

Affected SDK SDK version with mitigation
SimpleLink CC13x2-26x2-SDK 3.30.00.03 and newer
SimpleLink MSP432E4 SDK 3.30.00.22 and newer
SimpleLink CC32xx SDK 3.30.00.04 and newer
SimpleLink CC13x0 SDK 4.10.00.10 and newer
SimpleLink CC2640R2 SDK 4.10.00.10 and newer

Acknowledgment

  • TI internal finding

Revision history

  • Version 1.0 initial publication