CVE-2023-4020

An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://community.silabs.com/069Vm0000004b95IAA	Permissions Required
https://github.com/SiliconLabs/gecko_sdk/releases	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:*

History

19 Dec 2023, 20:37

Type	Values Removed	Values Added
References	~~() https://community.silabs.com/069Vm0000004b95IAA -~~	() https://community.silabs.com/069Vm0000004b95IAA - Permissions Required
References	~~() https://github.com/SiliconLabs/gecko_sdk/releases -~~	() https://github.com/SiliconLabs/gecko_sdk/releases - Release Notes
CVSS	v2 : ~~unknown~~ v3 : ~~9.0~~	v2 : unknown v3 : 9.1
CPE		cpe:2.3:a:silabs:gecko_software_development_kit::::::::
CWE		NVD-CWE-noinfo
Summary		(es) Una entrada no validada en una función de librería responsable de la comunicación entre la memoria segura y no segura en la implementación TrustZone de Silicon Labs permite la lectura/escritura de la memoria en la región segura de la memoria desde la región no segura de la memoria.
First Time		Silabs gecko Software Development Kit Silabs

15 Dec 2023, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-15 21:15

Updated : 2023-12-19 20:37

NVD link : CVE-2023-4020

Mitre link : CVE-2023-4020

CVE.ORG link : CVE-2023-4020

JSON object : View

Products Affected

silabs

gecko_software_development_kit

CWE

NVD-CWE-noinfo CWE-20

Improper Input Validation

{"id": "CVE-2023-4020", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "product-security@silabs.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 2.5}]}, "published": "2023-12-15T21:15:08.560", "references": [{"url": "https://community.silabs.com/069Vm0000004b95IAA", "tags": ["Permissions Required"], "source": "product-security@silabs.com"}, {"url": "https://github.com/SiliconLabs/gecko_sdk/releases", "tags": ["Release Notes"], "source": "product-security@silabs.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "product-security@silabs.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory."}, {"lang": "es", "value": "Una entrada no validada en una funci\u00f3n de librer\u00eda responsable de la comunicaci\u00f3n entre la memoria segura y no segura en la implementaci\u00f3n TrustZone de Silicon Labs permite la lectura/escritura de la memoria en la regi\u00f3n segura de la memoria desde la regi\u00f3n no segura de la memoria."}], "lastModified": "2023-12-19T20:37:21.960", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CCF9CCF-153F-40B5-941A-A430C146C3BA", "versionEndExcluding": "4.4.0", "versionStartIncluding": "1.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@silabs.com"}