CVE-2023-4280

An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://community.silabs.com/069Vm0000004NinIAE	Permissions Required
https://github.com/SiliconLabs/gecko_sdk	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:*

History

09 Jan 2024, 16:51

Type	Values Removed	Values Added
Summary		(es) Una entrada no validada en la implementación de Silicon Labs TrustZone en v4.3.x y versiones anteriores del SDK de Gecko permite a un atacante acceder a la región confiable de la memoria desde la región que no es confiable.
CWE		NVD-CWE-noinfo
References	~~() https://community.silabs.com/069Vm0000004NinIAE -~~	() https://community.silabs.com/069Vm0000004NinIAE - Permissions Required
References	~~() https://github.com/SiliconLabs/gecko_sdk -~~	() https://github.com/SiliconLabs/gecko_sdk - Product
CPE		cpe:2.3:a:silabs:gecko_software_development_kit::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~9.3~~	v2 : unknown v3 : 9.8
First Time		Silabs gecko Software Development Kit Silabs

02 Jan 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-02 17:15

Updated : 2024-01-09 16:51

NVD link : CVE-2023-4280

Mitre link : CVE-2023-4280

CVE.ORG link : CVE-2023-4280

JSON object : View

Products Affected

silabs

gecko_software_development_kit

CWE

NVD-CWE-noinfo CWE-125

Out-of-bounds Read

CWE-20

Improper Input Validation

CWE-787

Out-of-bounds Write

{"id": "CVE-2023-4280", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "product-security@silabs.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.5}]}, "published": "2024-01-02T17:15:09.520", "references": [{"url": "https://community.silabs.com/069Vm0000004NinIAE", "tags": ["Permissions Required"], "source": "product-security@silabs.com"}, {"url": "https://github.com/SiliconLabs/gecko_sdk", "tags": ["Product"], "source": "product-security@silabs.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "product-security@silabs.com", "description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region."}, {"lang": "es", "value": "Una entrada no validada en la implementaci\u00f3n de Silicon Labs TrustZone en v4.3.x y versiones anteriores del SDK de Gecko permite a un atacante acceder a la regi\u00f3n confiable de la memoria desde la regi\u00f3n que no es confiable."}], "lastModified": "2024-01-09T16:51:14.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3194013E-B743-4C93-B612-F4C428C6F54B", "versionEndIncluding": "4.3.2", "versionStartIncluding": "1.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@silabs.com"}