SWRA773A August 2023 – August 2023 WL1801, WL1801MOD, WL1805MOD, WL1807MOD, WL1831, WL1831MOD, WL1835MOD, WL1837MOD

 


Vulnerability

TI PSIRT ID

TI-PSIRT-2022-120160

CVE ID

CVE-2023-29468

CVSS Score

The CVSS base score for this issue can range from 8.8 to 9.6. The higher base score reflects a Confidentiality and Integrity impact of High. However, some systems can have a Confidentiality or Integrity Impact of Low depending on the characteristics of the host processor executing the WL18xx MCP driver and whether the disclosure or modification of the memory that can be accessed represents a direct or serious loss.

CVSS vector

Affected Products

  • WILINK8-WIFI-MCP8 version 8.5_SP3 and earlier

Potentially Impacted Features

An attacker within wireless range of a potentially vulnerable device can gain the ability to overwrite memory of the host processor executing the MCP driver.

Suggested Mitigations

In MCP8.5_SP3\WiLink\UWD\src\Services\mlmeParser.c, include the following code starting at line 720:

if( rsnIeIdx >= 3 )
{
    TRACE(pHandle->hReport, REPORT_SEVERITY_ERROR, "MLME_PARSER: Number of RSN IEs exeeds 3\n");
    return TI_NOK;
}
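To show where a check of this kind sits in an information-element parser, here is an added example that is not TI's code and not part of the advisory. It assumes rsnIeIdx counts RSN elements (element ID 48) copied into a three-entry array; the names rsn_ie_t, parse_rsn_ies and parse_constructed_frame are hypothetical, and the example also validates each element's length against the remaining buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_RSN_IES 3    /* assumed array size, matching the ">= 3" check */
#define EID_RSN     48   /* IEEE 802.11 RSN element ID */

typedef struct {         /* hypothetical storage, not TI's structure */
    uint8_t len;
    uint8_t data[255];   /* an IE length field is one byte */
} rsn_ie_t;

/* Walk the tagged elements in buf and copy each RSN IE into out[].
 * Returns the number stored, or -1 for a truncated element or for more
 * RSN IEs than out[] can hold. */
int parse_rsn_ies(const uint8_t *buf, size_t len, rsn_ie_t out[MAX_RSN_IES])
{
    size_t off = 0;
    int rsnIeIdx = 0;

    while (off < len) {
        if (len - off < 2)
            return -1;                        /* truncated IE header */
        uint8_t id = buf[off], ie_len = buf[off + 1];
        if ((size_t)ie_len > len - off - 2)
            return -1;                        /* IE body runs past the frame */
        if (id == EID_RSN) {
            if (rsnIeIdx >= MAX_RSN_IES)
                return -1;                    /* the bound the mitigation adds */
            out[rsnIeIdx].len = ie_len;
            memcpy(out[rsnIeIdx].data, buf + off + 2, ie_len);
            rsnIeIdx++;
        }
        off += 2 + (size_t)ie_len;
    }
    return rsnIeIdx;
}

/* Constructed input: a frame body holding n two-byte RSN IEs (n <= 8). */
int parse_constructed_frame(int n)
{
    uint8_t frame[8 * 4];
    rsn_ie_t out[MAX_RSN_IES];
    for (int i = 0; i < n; i++) {
        uint8_t ie[4] = { EID_RSN, 2, 0x01, 0x00 };
        memcpy(frame + 4 * i, ie, sizeof ie);
    }
    return parse_rsn_ies(frame, (size_t)(4 * n), out);
}
```

The index is tested before the write into out[], so a frame carrying a fourth RSN element is rejected rather than stored past the end of the array.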

Acknowledgments

We want to thank Omri Ben Bassat of Microsoft for reporting this vulnerability to the TI Product Security Incident Response Team (PSIRT).