SB2018110202 - Multiple vulnerabilities in Texas Instruments chips
Published: November 2, 2018
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Privilege escalation (CVE-ID: CVE-2018-7080)
The vulnerability allows a physical attacker to gain full control over the target device.
The weakness exists due to an error when handling malicious input if the device using the chip has the over-the-air firmware download (OAD) feature enabled. A physical attacker who acquired the password by sniffing a legitimate update or reverse-engineering Aruba’s BLE firmware can connect to the BLE chip on a vulnerable access point, upload a malicious update to the targeted AP containing the attacker’s own code, completely rewrite the operating system and gain full control over it.
The vulnerability has been dubbed "BLEEDINGBIT".
2) Buffer overflow (CVE-ID: CVE-2018-16986)
The vulnerability allows a physical attacker to execute arbitrary code on the target system.
The weakness exists due to a boundary error when handling malicious input if BLE is turned on and the device is actively scanning. A physical attacker who is in range of the targeted device can send specially crafted packets containing malformed BLE frames, trigger memory corruption and execute arbitrary code. The attacker can also install a backdoor on the chip and then gain complete control of the system. In the case of access points, the attacker can use the compromised AP to spread to other devices on the network, even if segmentation is in place.
The vulnerability has been dubbed "BLEEDINGBIT".
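The class of boundary check that item 2 concerns, as an added example (not code from this bulletin, from Texas Instruments or from Aruba, and not a reproduction of the flaw): a C routine that validates a scanned BLE advertising payload before copying it into a fixed-size buffer. The function name, result codes and sample payloads are constructed for illustration; the 31-byte limit is the legacy BLE advertising payload size.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ADV_MAX_LEN 31  /* legacy BLE advertising payload limit */
enum { ADV_OK = 0, ADV_TOO_LONG = -1, ADV_TRUNCATED = -2 };  /* example's own codes */

/* Constructed samples: a well-formed payload, and one whose second field lies about its length. */
static const uint8_t sample_ok[]  = { 0x02, 0x01, 0x06, 0x05, 0x09, 'T', 'e', 's', 't' };
static const uint8_t sample_bad[] = { 0x02, 0x01, 0x06, 0x1E, 0x09, 'A' };

/* Walk the length-type-data (AD) structures of a scanned advertising payload,
 * checking every length against the bytes actually received before anything
 * is copied. On success the payload is copied to out, the number of AD
 * structures is stored in *count, and ADV_OK is returned. */
int adv_validate_copy(const uint8_t *buf, size_t len,
                      uint8_t out[ADV_MAX_LEN], size_t *count)
{
    size_t off = 0, n = 0;

    if (len > ADV_MAX_LEN)              /* reject before touching the fixed buffer */
        return ADV_TOO_LONG;
    while (off < len) {
        uint8_t field_len = buf[off];   /* counts the type byte plus the data */
        if (field_len == 0)             /* zero length marks padding: stop */
            break;
        if (field_len > len - off - 1)  /* field claims more bytes than remain */
            return ADV_TRUNCATED;
        off += (size_t)field_len + 1;
        n++;
    }
    memcpy(out, buf, len);              /* safe: len <= ADV_MAX_LEN was checked */
    *count = n;
    return ADV_OK;
}

int main(void)
{
    uint8_t out[ADV_MAX_LEN];
    size_t n = 0;
    printf("ok  -> %d\n", adv_validate_copy(sample_ok, sizeof sample_ok, out, &n));
    printf("bad -> %d\n", adv_validate_copy(sample_bad, sizeof sample_bad, out, &n));
    return 0;
}
```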
Remediation
Install the update from the vendor's website.