CVE-2021-27429

HIGH

TI-RTOS - Code Injection

Title source: llm

Description

Texas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values. This can trigger an integer overflow vulnerability in 'HeapTrack_alloc' and result in code execution.

References (2)

Core 2

Core References

Third Party Advisory, US Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04

Product

https://www.ti.com/tool/TI-RTOS-MCU

Scores

CVSS v3 7.4

EPSS 0.0028

EPSS Percentile 19.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-190

Status published

Products (6)

ti/real-time_operating_system

ti/simplelink_cc13xx_software_development_kit < 4.40.00

ti/simplelink_cc26xx_software_development_kit < 4.40.00

ti/simplelink_cc32xx_software_development_kit < 4.10.03

ti/simplelink_msp432e401y

ti/simplelink_msp432e411y

Published Nov 20, 2023

Tracked Since Feb 18, 2026