SWCA306 May 2026 CC1350 , CC1352P , CC1352P7 , CC1352R , CC2340R2 , CC2340R5 , CC2340R5-Q1 , CC2540 , CC2541 , CC2640 , CC2640R2F , CC2640R2F-Q1 , CC2640R2L , CC2642R , CC2642R-Q1 , CC2650 , CC2650MODA , CC2651P3 , CC2651R3 , CC2651R3SIPA , CC2652P , CC2652P7 , CC2652PSIP , CC2652R , CC2652R7 , CC2652RSIP , CC2744R7-Q1 , CC2745P10-Q1 , CC2745R10-Q1 , CC2745R7-Q1 , CC2755P10 , CC2755R10

Vulnerability

TI PSIRT ID

TI-PSIRT-2025-070275

CVSS Base Score:

6.5

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Part	Software Name	Software Version	BLE Stack Name	BLE Stack Version
CC2651P3, CC2651R3, CC2651R3SIPA, CC2642R, CC2652R, CC2652P, CC1352R, CC1352P, CC2652RSIP, CC2652PSIP, CC2642R-Q1, CC2652R7, CC2652P7, CC1352R7, CC1352P7	SIMPLELINK-CC13XX-CC26XX-SDK: SIMPLELINK-LOWPOWER-F2-SDK	SimpleLink™ CC13XX CC26XX SDK 7.41.00.17	BLE5-Stack	v2.2.8
CC2340R5, CC2340R5-Q1, CC2340R2	SIMPLELINK-LOWPOWER-F3-SDK	SimpleLink Low Power F3 SDK 9.10.00.00	BLE5-stack	v3.3.4
CC2745R10-Q1, CC2745R7-Q1, CC2744R7-Q1, CC2745P10-Q1, CC2755R10, CC2755P10	SIMPLELINK-LOWPOWER-F3-SDK	SimpleLink Low Power F3 SDK 9.10.00.00	BLE5-stack	v3.3.4
CC2640R2F, CC2640R2L, CC2640R2F-Q1	SIMPLELINK-CC2640R2-SDK: SimpleLink CC2640R2 SDK - Bluetooth low energy	SIMPLELINK-CC2640R2-SDK 5.30.01.11	BLE-Stack	v3.03.08.00 and earlier
CC2640R2F, CC2640R2L, CC2640R2F-Q1		SIMPLELINK-CC2640R2-SDK 5.30.01.11	BLE5-Stack	v1.01.14.00 and earlier
CC1350	SIMPLELINK-CC13X0-SDK: SimpleLink™ Sub-1 GHz CC13x0 Software Development Kit	SIMPLELINK-CC13X0-SDK 4.20.02.07	BLE-Stack	v2.03.11.00 and earlier
CC2640, CC2650, CC2650MODA	Not applicable	2.02.08.12	BLE-STACK-2-X	v2.02.07.06 and earlier
CC2540, CC2541	Not applicable	1.05.02.00	BLE-STACK-1-X	v1.05.02.00 and earlier

Potentially Impacted Features

The potential vulnerability can impact TI Bluetooth low energy (LE) devices running the affected SDK versions with an active connection and with LE data length extension (DLE) enabled.

Suggested Mitigations

The following SDK releases addresses the potential vulnerability:

Affected SDK	First SDK version with mitigations	First BLE stack version with mitigations
CC13XX-26XX-SDK, BLE5-STACK	SimpleLink Low Power F2 SDK 9.20.00.00	v3.4.0 (upcoming release)
CC2340 SDK, BLE5-STACK	SimpleLink Low Power F3 SDK 9.11.01.00	v3.3.4
CC27xx SDK, BLE5-STACK	SimpleLink Low Power F3 SDK 9.11.01.00	v3.3.4
CC2640R2 SDK, BLE5-STACK	In upcoming release	In upcoming release
CC2640R2 SDK, BLE-STACK	In upcoming release	In upcoming release
CC1350, CC26x0, CC25x0 SDK, BLE-STACK	Not applicable⁽¹⁾	Not applicable⁽¹⁾

(1) Mitigation on these device stacks is not supported as this is a fix to the BLE stack in devices' ROM, and with limited ROM patch space on these devices, the patch memory is being reserved for more critical PSIRT tickets in the future. If you have questions, please reach out to psirt@ti.com.

The software containing the mitigation described in this document can be distributed to already deployed devices through all enabled software update mechanisms, including over-the-air download (OTA/OAD) update procedures.

External References

Bluetooth Core Specification Version 5.3 Bluetooth SIG.
yangting111. "Length_Req_MaxRxBytes.md." Github repository. https://github.com/yangting111/BLE_TEST/blob/main/result/PoC/TI/Length_Req_MaxRxBytes.md