U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2024-53980 Detail

Description

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A malicious actor can send a IEEE 802.15.4 packet with spoofed length byte and optionally spoofed FCS, which eventually results into an endless loop on a CC2538 as receiver. Before PR #20998, the receiver would check for the location of the CRC bit using the packet length byte by considering all 8 bits, instead of discarding bit 7, which is what the radio does. This then results into reading outside of the RX FIFO. Although it prints an error when attempting to read outside of the RX FIFO, it will continue doing this. This may lead to a discrepancy in the CRC check according to the firmware and the radio. If the CPU judges the CRC as correct and the radio is set to `AUTO_ACK`, when the packet requests and acknowledgment the CPU will go into the state `CC2538_STATE_TX_ACK`. However, if the radio judged the CRC as incorrect, it will not send an acknowledgment, and thus the `TXACKDONE` event will not fire. It will then never return to the state `CC2538_STATE_READY` since the baseband processing is still disabled. Then the CPU will be in an endless loop. Since setting to idle is not forced, it won't do it if the radio's state is not `CC2538_STATE_READY`. A fix has not yet been made.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

Nist CVSS score does not match with CNA score
CNA:  GitHub, Inc.
CVSS-B 6.9 MEDIUM
Vector:  CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://github.com/RIOT-OS/RIOT/blob/1a418ccfedeb79dbce1d79f49e63a28906184794/cpu/cc2538/radio/cc2538_rf_radio_ops.c#L183
https://github.com/RIOT-OS/RIOT/blob/1a418ccfedeb79dbce1d79f49e63a28906184794/cpu/cc2538/radio/cc2538_rf_radio_ops.c#L417
https://github.com/RIOT-OS/RIOT/blob/1a418ccfedeb79dbce1d79f49e63a28906184794/cpu/cc2538/radio/cc2538_rf_radio_ops.c#L419
https://github.com/RIOT-OS/RIOT/blob/1a418ccfedeb79dbce1d79f49e63a28906184794/cpu/cc2538/radio/cc2538_rf_radio_ops.c#L421-L422
https://github.com/RIOT-OS/RIOT/blob/1a418ccfedeb79dbce1d79f49e63a28906184794/sys/net/link_layer/ieee802154/submac.c#L149
https://github.com/RIOT-OS/RIOT/pull/20998
https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-m75q-8vj8-wppw

Weakness Enumeration

CWE-ID CWE Name Source
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') GitHub, Inc.  

Change History

1 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2024-53980
NVD Published Date:
11/29/2024
NVD Last Modified:
11/29/2024
Source:
GitHub, Inc.