Vulnerabilities > CVE-2017-18347 - Race Condition vulnerability in ST products

CVSS 4.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

NONE

Availability impact

NONE

local

low complexity

CWE-362

NVD

Published: 2018-09-12

Updated: 2021-05-04

Summary

Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection.

Vulnerable Configurations

Part	Description	Count
OS	St ST Stm32F071Rb Firmware - ST Stm32F071V8 Firmware - ST Stm32F071Vb Firmware - ST Stm32F072C8 Firmware - ST Stm32F072Cb Firmware - ST Stm32F072R8 Firmware - ST Stm32F072Rb Firmware - ST Stm32F072V8 Firmware - ST Stm32F072Vb Firmware - ST Stm32F078Cb Firmware - ST Stm32F078Rb Firmware - ST Stm32F078Vb Firmware - ST Stm32F091Cb Firmware - ST Stm32F091Cc Firmware - ST Stm32F091Rb Firmware - ST Stm32F091Rc Firmware - ST Stm32F091Vb Firmware - ST Stm32F091Vc Firmware - ST Stm32F098Cc Firmware - ST Stm32F098Rc Firmware - ST Stm32F098Vc Firmware - ST Stm32F070C6 Firmware - ST Stm32F070Cb Firmware - ST Stm32F070F6 Firmware - ST Stm32F070Rb Firmware - ST Stm32F071C8 Firmware - ST Stm32F071Cb Firmware - ST Stm32F051T8 Firmware - ST Stm32F058C8 Firmware - ST Stm32F058R8 Firmware - ST Stm32F058T8 Firmware - ST Stm32F051K4 Firmware - ST Stm32F051K6 Firmware - ST Stm32F051K8 Firmware - ST Stm32F051R4 Firmware - ST Stm32F051R6 Firmware - ST Stm32F051R8 Firmware - ST Stm32F042T6 Firmware - ST Stm32F048C6 Firmware - ST Stm32F048G6 Firmware - ST Stm32F048T6 Firmware - ST Stm32F051C4 Firmware - ST Stm32F051C6 Firmware - ST Stm32F051C8 Firmware - ST Stm32F042F4 Firmware - ST Stm32F042F6 Firmware - ST Stm32F042G4 Firmware - ST Stm32F042G6 Firmware - ST Stm32F042K4 Firmware - ST Stm32F042K6 Firmware - ST Stm32F038C6 Firmware - ST Stm32F038E6 Firmware - ST Stm32F038F6 Firmware - ST Stm32F038G6 Firmware - ST Stm32F038K6 Firmware - ST Stm32F042C4 Firmware - ST Stm32F042C6 Firmware - ST Stm32F031E6 Firmware - ST Stm32F031F4 Firmware - ST Stm32F031F6 Firmware - ST Stm32F031G4 Firmware - ST Stm32F031G6 Firmware - ST Stm32F031K4 Firmware - ST Stm32F030F4 Firmware - ST Stm32F030K6 Firmware - ST Stm32F030R8 Firmware - ST Stm32F030Rc Firmware - ST Stm32F031C4 Firmware - ST Stm32F031C6 Firmware - ST Stm32F030C6 Firmware - ST Stm32F030C8 Firmware - ST Stm32F030Cc Firmware -	72
Hardware	St ST Stm32F071Rb - ST Stm32F071V8 - ST Stm32F071Vb - ST Stm32F072C8 - ST Stm32F072Cb - ST Stm32F072R8 - ST Stm32F072Rb - ST Stm32F072V8 - ST Stm32F072Vb - ST Stm32F078Cb - ST Stm32F078Rb - ST Stm32F078Vb - ST Stm32F091Cb - ST Stm32F091Cc - ST Stm32F091Rb - ST Stm32F091Rc - ST Stm32F091Vb - ST Stm32F091Vc - ST Stm32F098Cc - ST Stm32F098Rc - ST Stm32F098Vc - ST Stm32F070C6 - ST Stm32F070Cb - ST Stm32F070F6 - ST Stm32F070Rb - ST Stm32F071C8 - ST Stm32F071Cb - ST Stm32F051T8 - ST Stm32F058C8 - ST Stm32F058R8 - ST Stm32F058T8 - ST Stm32F051K4 - ST Stm32F051K6 - ST Stm32F051K8 - ST Stm32F051R4 - ST Stm32F051R6 - ST Stm32F051R8 - ST Stm32F042T6 - ST Stm32F048C6 - ST Stm32F048G6 - ST Stm32F048T6 - ST Stm32F051C4 - ST Stm32F051C6 - ST Stm32F051C8 - ST Stm32F042F4 - ST Stm32F042F6 - ST Stm32F042G4 - ST Stm32F042G6 - ST Stm32F042K4 - ST Stm32F042K6 - ST Stm32F038C6 - ST Stm32F038E6 - ST Stm32F038F6 - ST Stm32F038G6 - ST Stm32F038K6 - ST Stm32F042C4 - ST Stm32F042C6 - ST Stm32F031E6 - ST Stm32F031F4 - ST Stm32F031F6 - ST Stm32F031G4 - ST Stm32F031G6 - ST Stm32F031K4 - ST Stm32F030F4 - ST Stm32F030K6 - ST Stm32F030R8 - ST Stm32F030Rc - ST Stm32F031C4 - ST Stm32F031C6 - ST Stm32F030C6 - ST Stm32F030C8 - ST Stm32F030Cc -	72

Common Weakness Enumeration (CWE)

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Common Attack Pattern Enumeration and Classification (CAPEC)

Leveraging Race Conditions
This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

References