PT-2024-35992 · Riot · Riot

Havingathijs · Published 2024-11-29 · Updated 2025-09-05 · CVE-2024-53980

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: RIOT (affected versions not specified)
Description: A malicious actor can send an IEEE 802.15.4 packet with a spoofed length byte and optionally a spoofed FCS, resulting in an endless loop on a CC2538 receiver. The issue arises from the receiver checking the location of the CRC bit using the packet length byte, considering all 8 bits instead of discarding bit 7. This leads to reading outside of the RX FIFO, causing a discrepancy in the CRC check between the firmware and the radio. If the CPU judges the CRC as correct and the radio is set to AUTO ACK, the CPU will enter an endless loop when waiting for an acknowledgment.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
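
The length-byte handling from the description, as an added C example that is not RIOT's code: it models the RX FIFO as a 128-byte array and assumes the CRC-OK flag is bit 7 of the frame's last status byte. All macro and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumptions of this model, not values taken from the page. */
#define RX_FIFO_SIZE 128u  /* modelled FIFO size */
#define LEN_MASK     0x7Fu /* keeps bits 0..6, discards bit 7 */
#define CRC_OK_BIT   0x80u /* CRC-OK flag in the last status byte */
#define FCS_LEN      2u    /* a frame carries at least the 2 FCS bytes */

/* Before: all 8 bits of the length byte locate the status byte. */
size_t crc_index_unmasked(uint8_t len_byte) { return len_byte; }

/* After: bit 7 is discarded first. */
size_t crc_index_masked(uint8_t len_byte) { return len_byte & LEN_MASK; }

/* fifo[0] is the length byte; the status byte is the frame's last byte.
 * Returns 1 if CRC-OK is set, 0 if clear, -1 if the frame is rejected. */
int frame_crc_ok(const uint8_t *fifo, size_t fifo_size)
{
    if (fifo == NULL || fifo_size == 0) {
        return -1;
    }
    size_t idx = crc_index_masked(fifo[0]);
    if (idx < FCS_LEN || idx >= fifo_size) {
        return -1; /* too short, or status byte outside the FIFO */
    }
    return (fifo[idx] & CRC_OK_BIT) ? 1 : 0;
}

/* Builds a constructed FIFO image: the given length byte plus a status
 * byte placed where the masked length says the frame ends. */
int check_constructed_frame(uint8_t len_byte, uint8_t status)
{
    uint8_t fifo[RX_FIFO_SIZE] = { 0 };
    fifo[len_byte & LEN_MASK] = status;
    fifo[0] = len_byte; /* written last so index 0 stays the length byte */
    return frame_crc_ok(fifo, sizeof(fifo));
}

int main(void)
{
    uint8_t len_byte = 0x85; /* constructed: bit 7 set, length 5 */
    printf("unmasked index %zu (FIFO size %u)\n",
           crc_index_unmasked(len_byte), RX_FIFO_SIZE);
    printf("masked index %zu, crc_ok=%d\n",
           crc_index_masked(len_byte), check_constructed_frame(len_byte, 0x00));
    return 0;
}
```

With the mask applied, the firmware reads the same status byte the radio wrote, so both sides agree on whether the CRC passed.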

Exploit

Infinite Loop

Weakness Enumeration

Related Identifiers

CVE-2024-53980
GHSA-M75Q-8VJ8-WPPW

Affected Products

Riot