Texas Instruments CC2652RB LaunchPad Bluetooth Low Energy Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the Texas Instruments CC2652RB LaunchPad, specifically within the SimpleLink CC13XX CC26XX SDK version 7.41.00.17. The issue arises from inadequate permission checks on critical fields in Bluetooth Low Energy (BLE) data packets. This flaw enables attackers to disrupt services by sending a crafted LL_Length_Req packet.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the device to become unresponsive or unavailable.

Reproduction

The vulnerability can be reproduced by sending a specially crafted LL_Length_Req packet to a Texas Instruments CC2652RB LaunchPad running the specified SDK version. The crafted packet takes advantage of the insufficient permission checks and causes a denial-of-service condition on the device.
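As a defensive illustration, the following added example (not TI SDK code and not part of this advisory) shows how a link layer can bounds-check every field of an LL_LENGTH_REQ control PDU before acting on it. The advisory does not say which fields are affected; the opcode, field layout and ranges come from the Bluetooth Core Specification, and all function and type names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Opcode, layout and ranges: Bluetooth Core Specification, Link Layer.
 * All names are hypothetical; none of this is TI SDK code. */
#define LL_OPCODE_LENGTH_REQ 0x14u
#define LL_LENGTH_REQ_LEN    9u      /* opcode + four 16-bit fields */
#define LL_OCTETS_MIN        27u
#define LL_OCTETS_MAX        251u
#define LL_TIME_MIN_US       328u
#define LL_TIME_MAX_US       17040u  /* upper bound with LE Coded PHY */

typedef struct { uint16_t rx_octets, rx_time, tx_octets, tx_time; } ll_length_t;
typedef enum { LL_OK, LL_BAD_SIZE, LL_BAD_OPCODE, LL_BAD_OCTETS, LL_BAD_TIME } ll_status_t;

static uint16_t rd_le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static int in_range(uint16_t v, uint16_t lo, uint16_t hi) { return v >= lo && v <= hi; }

/* Validate a control PDU payload (opcode + CtrData) before any field is
 * used to size buffers or update connection state. */
ll_status_t ll_length_req_parse(const uint8_t *pdu, size_t len, ll_length_t *out)
{
    if (pdu == NULL || out == NULL || len != LL_LENGTH_REQ_LEN) return LL_BAD_SIZE;
    if (pdu[0] != LL_OPCODE_LENGTH_REQ) return LL_BAD_OPCODE;
    ll_length_t p = { rd_le16(pdu + 1), rd_le16(pdu + 3), rd_le16(pdu + 5), rd_le16(pdu + 7) };
    if (!in_range(p.rx_octets, LL_OCTETS_MIN, LL_OCTETS_MAX) ||
        !in_range(p.tx_octets, LL_OCTETS_MIN, LL_OCTETS_MAX)) return LL_BAD_OCTETS;
    if (!in_range(p.rx_time, LL_TIME_MIN_US, LL_TIME_MAX_US) ||
        !in_range(p.tx_time, LL_TIME_MIN_US, LL_TIME_MAX_US)) return LL_BAD_TIME;
    *out = p;  /* written only after every check has passed */
    return LL_OK;
}

/* Constructed sample: 251 octets / 2120 us in both directions. */
static const uint8_t SAMPLE_OK[9] = { 0x14, 0xFB, 0x00, 0x48, 0x08, 0xFB, 0x00, 0x48, 0x08 };

int main(void)
{
    ll_length_t p;
    printf("valid sample     -> %d\n", ll_length_req_parse(SAMPLE_OK, sizeof SAMPLE_OK, &p));
    printf("truncated sample -> %d\n", ll_length_req_parse(SAMPLE_OK, 5, &p));
    return 0;
}
```

A rejected request should leave the connection's current length parameters unchanged rather than resetting or tearing down state.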

Added: Jul 9, 2025, 5:42 PM
Updated: Jul 9, 2025, 5:42 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.