As part of the TI Product Security Incident Response Team (PSIRT) process, we would like to notify you about the potential vulnerability of unexpected public key crash as mentioned part of the SweynTooth vulnerabilities.
The Bluetooth Low Energy peripheral implementation in our SimpleLink™ SDK allows reception of the Secure Manager Protocol (SMP) public key packet even when legacy pairing procedure is used. This can allow attackers in radio range to potentially crash the device via a crafted packet resulting in a denial of service.
When the Bluetooth Low Energy device that is configured in peripheral role performs the legacy pairing procedure, it is possible to cause a device hard fault by sending an SMP public key packet before the SMP pairing procedure starts. If this behavior is not properly handled in the application, the device can potentially enter a dead-lock state, leading to denial of service.
TI-PSIRT-2019-100034
CVE-2019-17520
5.7
Here is the list of affected Bluetooth Low Energy SDKs:
The potential vulnerability can impact Bluetooth Low Energy devices running affected SDK versions that have configured the devices as a Bluetooth Low Energy peripheral and legacy pairing procedure is enabled.
The following service-pack release addresses the potential vulnerability:
| Affected SDK | SDK Version with Mitigations | SDK Releases with Mitigations |
|---|---|---|
| CC2640R2 SDK, BLE-STACK | SDK v3.40.00.10 | 10-Jan-2020 |
| CC2640R2 SDK, BLE5-STACK | ||
| CC13X2-26X2-SDK, BLE5-STACK | SDK v3.40.00.02 | 20-Dec-2019 |
| CC13x0 SDK, BLE-STACK | SDK v4.10.xx | 20-Mar-2020 |
| BLE-STACK (support for CC2640/CC2650 ) | BLE-STACK v2.2.4 | 16-Mar-2020 |
GitHub, SweynTooth