CVE-2018-18056 Information

Description

An issue was discovered in the Texas Instruments (TI) TM4C MSP432E and MSP432P microcontroller series. The eXecute-Only-Memory (XOM) implementation prevents code read-outs on protected memory by generating bus faults. However single-stepping and using breakpoints is allowed in XOM-protected flash memory. As a consequence it is possible to execute single instructions with arbitrary system states (e.g. registers status flags and SRAM content) and observe the state changes produced by the unknown instruction. An attacker could exploit this vulnerability by executing protected and unknown instructions with specific system states and observing the state changes. Based on the gathered information it is possible to reverse-engineer the executed instructions. The processor acts as a kind of \instruction oracle.\

CVSS Vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://www.usenix.org/conference/woot19/presentation/schink https://www.usenix.org/system/files/woot19-paper_schink.pdf

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

4.6