Silabs.com Gsdk
12 CVEs affecting Silabs.com Gsdk. Latest disclosed: 2024-02-21. Critical: 2, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-4280 | Critical | 9.3 | 2024-01-02 | An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory… |
CVE-2023-4020 | Critical | 9.0 | 2023-12-15 | An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows r… |
CVE-2023-3487 | High | 7.7 | 2023-10-20 | An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots. |
CVE-2023-6874 | High | 7.5 | 2024-02-05 | Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number |
CVE-2023-6387 | High | 7.5 | 2024-02-02 | A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execu… |
CVE-2024-22473 | Medium | 6.8 | 2024-02-21 | TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing… |
CVE-2023-5138 | Medium | 6.8 | 2024-01-03 | Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B. |
CVE-2024-0240 | Medium | 6.5 | 2024-02-15 | A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients, this res… |
CVE-2023-0775 | Medium | 6.5 | 2023-03-28 | An invalid ‘prepare write request’ command can cause the Bluetooth LE stack to run out of memory and fail to be able to handle subsequent connection requests… |
CVE-2023-3024 | Medium | 5.9 | 2023-09-29 | Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access. |
CVE-2023-41097 | Medium | 4.6 | 2023-12-21 | An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This i… |
CVE-2023-2747 | Low | 3.1 | 2023-06-15 | The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized. |