Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade.
References
Link | Resource |
---|---|
https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Gdop4QAB?operationContext=S1 | Permissions Required Vendor Advisory |
https://github.com/SiliconLabs/gecko_sdk/blame/2e82050dc8823c9fe0e8908c1b2666fb83056230/platform/bootloader/core/btl_bootload.c | Exploit Third Party Advisory |
Configurations
History
03 Nov 2022, 16:41
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-787 | |
CPE | cpe:2.3:a:silabs:gecko_bootloader:*:*:*:*:*:*:*:* | |
References | (MISC) https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Gdop4QAB?operationContext=S1 - Permissions Required, Vendor Advisory | |
References | (MISC) https://github.com/SiliconLabs/gecko_sdk/blame/2e82050dc8823c9fe0e8908c1b2666fb83056230/platform/bootloader/core/btl_bootload.c - Exploit, Third Party Advisory | |
First Time |
Silabs gecko Bootloader
Silabs |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
02 Nov 2022, 19:02
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-02 18:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-24936
Mitre link : CVE-2022-24936
CVE.ORG link : CVE-2022-24936
JSON object : View
Products Affected
silabs
- gecko_bootloader