• Menu
  • Product
  • Email
  • PDF
  • Order now
  • Bluetooth Low Energy: Unexpected Public Key Crash (SweynTooth)

    • SWRA804 February   2020 CC1350 , CC2640 , CC2650

       

  • CONTENTS
  • SEARCH
  • Bluetooth Low Energy: Unexpected Public Key Crash (SweynTooth)
  1.   1
  2. 1Summary
  3. 2Vulnerability
  4. 3Revision History
  5. IMPORTANT NOTICE
search No matches found.
  • Full reading width
    • Full reading width
    • Comfortable reading width
    • Expanded reading width
  • Card for each section
  • Card with all content

 

PSIRT Notification

Bluetooth Low Energy: Unexpected Public Key Crash (SweynTooth)

1 Summary

As part of the TI Product Security Incident Response Team (PSIRT) process, we would like to notify you about the potential vulnerability of unexpected public key crash as mentioned part of the SweynTooth vulnerabilities.

2 Vulnerability

Summary

The Bluetooth Low Energy peripheral implementation in our SimpleLink™ SDK allows reception of the Secure Manager Protocol (SMP) public key packet even when legacy pairing procedure is used. This can allow attackers in radio range to potentially crash the device via a crafted packet resulting in a denial of service.

When the Bluetooth Low Energy device that is configured in peripheral role performs the legacy pairing procedure, it is possible to cause a device hard fault by sending an SMP public key packet before the SMP pairing procedure starts. If this behavior is not properly handled in the application, the device can potentially enter a dead-lock state, leading to denial of service.

TI PSIRT ID

TI-PSIRT-2019-100034

CVE ID

CVE-2019-17520

CVSS Base Score

5.7

CVSS Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products

Here is the list of affected Bluetooth Low Energy SDKs:

  • CC2640R2 SDK, BLE-STACK (SDK v3.30.00.20 and prior versions)
  • CC2640R2 SDK, BLE5-STACK (SDK v3.30.00.20 and prior versions)
  • CC13X2-26X2-SDK, BLE5-STACK (SDK v3.30.00.03 and prior versions)
  • CC1350 SDK, BLE-STACK (SDK v3.20.xx and prior versions)
  • CC26x0 BLE-STACK (BLE-STACK v2.2.0, v2.2.1, v2.2.2 and v2.2.3)

Potentially Impacted Features

The potential vulnerability can impact Bluetooth Low Energy devices running affected SDK versions that have configured the devices as a Bluetooth Low Energy peripheral and legacy pairing procedure is enabled.

Suggested Mitigations

The following service-pack release addresses the potential vulnerability:

Affected SDK SDK Version with Mitigations SDK Releases with Mitigations
CC2640R2 SDK, BLE-STACK SDK v3.40.00.10 10-Jan-2020
CC2640R2 SDK, BLE5-STACK
CC13X2-26X2-SDK, BLE5-STACK SDK v3.40.00.02 20-Dec-2019
CC13x0 SDK, BLE-STACK SDK v4.10.xx 20-Mar-2020
BLE-STACK (support for CC2640/CC2650 ) BLE-STACK v2.2.4 16-Mar-2020
Note: Consider subscribing to “Alert Me” at the corresponding SDK download links to be notified of the new SDK releases.

External References

GitHub, SweynTooth

 

Texas Instruments

© Copyright 1995-2025 Texas Instruments Incorporated. All rights reserved.
Submit documentation feedback | IMPORTANT NOTICE | Trademarks | Privacy policy | Cookie policy | Terms of use | Terms of sale