Report potential product security vulnerabilities
About TI PSIRT
At TI, we set a high priority on the security of our products. However, as we all know, no matter how much effort is put into product security, no product or customer system can be 100% secure. TI wants to learn about any potential security issues impacting our products so that we can take the necessary steps to promptly address them. TI’s Product Security Incident Response Team (PSIRT) oversees the process of accepting and responding to reports of potential security vulnerabilities involving TI semiconductor products, including hardware, software and documentation.
How to report a potential security vulnerability
You can contact the TI PSIRT to report a potential security vulnerability at email@example.com. Your report should be in English. TI will respond in a timely manner to confirm receipt of your email.
Vulnerability information is extremely sensitive. The TI PSIRT strongly recommends that all submitted security vulnerability reports be sent encrypted, using the TI PSIRT PGP/GPG Key:
- Fingerprint: 898C ECC3 451F 9438 D972 06B6 4C13 1A0F 9AF0 04D8
- Public Key File (ZIP, 3 KB)
Free software to read and author PGP/GPG encrypted messages may be obtained from:
Recommended information to include in your report
To help the TI PSIRT perform triage of the potential security vulnerability, it is recommended that you provide the following information:
- TI hardware or software products potentially affected (including version or revision)
- How and when the potential vulnerability was discovered, and by whom
- Technical description of the potential vulnerability, including any related (1) known exploits and (2) existing CVE ID(s)
- Your contact information, so that TI is able to ask any necessary follow-up questions
Report handling process
Once a report is submitted, TI follows this process to evaluate and respond to the potential security vulnerability:
- Notification: TI becomes aware of a potential security vulnerability.
- Initial triage: TI reviews the submission to determine whether a TI product may be affected and whether sufficient information has been provided.
- Technical analysis: TI investigates the reported potential vulnerability in greater technical depth.
- Remediation: TI takes appropriate action for a verified product security vulnerability.
- Disclosure: Where appropriate, TI discloses information about the verified vulnerability and may make available the remediation, e.g. in a security advisory or a bulletin.
TI will score the vulnerability using CVSS (Common Vulnerability Scoring System) v3.0, so that the vulnerability is properly prioritized for analysis and remediation. A CVE (Common Vulnerabilities and Exposures) ID for the vulnerability may be created, as needed.
Responsible handling policy
Like most in the technology industry, TI PSIRT follows a responsible handling policy. Our policy describes what you can expect from TI and what we expect from you. It is based on the CERT Guide to Coordinated Vulnerability Disclosure. Before you submit a report, please review our policy, as it describes the basis of our relationship with you.
Below you will find public information about security vulnerabilities and our available remediations.
| Incident ID | Description | Publication date |
|---|---|---|
| TI-PSIRT-2018-060007 | BLE-STACK Heap Overflow Issue | Nov. 1, 2018 |
| TI-PSIRT-2019-010018 | BT (BR/EDR) SIG Errata 11838 - LMP Encryption Key Minimum Size Change | Aug. 20, 2019 |
| TI-PSIRT-2019-050023 | CC256x and WL18xx Bluetooth Low Energy - LE scan vulnerability (CVE-2019-15948) | Nov. 12, 2019 |
| TI-PSIRT-2019-060025 | CC254x OAD: AES CTR crypto implementation vulnerability | Nov. 12, 2019 |
| TI-PSIRT-2019-060032 | CC254x OAD: AES-CBC MAC verification vulnerability | Nov. 12, 2019 |
| TI-PSIRT-2019-100034 | Bluetooth Low Energy – unexpected public key crash (SweynTooth, CVE-2019-17520) | Feb. 19, 2020 |
| TI-PSIRT-2019-100036 | Bluetooth Low Energy – Invalid Connection Request (SweynTooth, CVE-2019-19193) | Feb. 19, 2020 |
| TI-PSIRT-2019-080030 | Variable Time Tag Comparison on SimpleLink Devices | Feb. 28, 2020 |
| TI-PSIRT-2020-020038 | Bluetooth Low Energy, Basic Rate/Enhanced Data Rate – Method Confusion Pairing Vulnerability (CVE-2020-10134) | May 18, 2020 |
| TI-PSIRT-2020-040043 | Bluetooth Basic Rate/Enhanced Data Rate – Bluetooth Impersonation Attacks (BIAS, CVE-2020-10135) | May 18, 2020 |
TI PSIRT discloses information publicly where appropriate; this should not be considered a comprehensive list of incidents that we have handled. Inquiries regarding specific incidents can be addressed to firstname.lastname@example.org.