Lucene search

[email protected]CVE-2023-4280

HistoryJan 02, 2024 - 5:15 p.m.

CVE-2023-4280

2024-01-0217:15:09

CWE-787

CWE-20

CWE-125

[email protected]

web.nvd.nist.gov

cve-2023-4280

vulnerability

silicon labs

trustzone

memory access

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.7%

JSON

An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region.

Affected configurations

NVD

Node

silabsgecko_software_development_kitRange1.0.0–4.3.2

CPENameOperatorVersion
silabs:gecko_software_development_kitsilabs gecko software development kitle4.3.2

CPE	Name	Operator	Version
silabs:gecko_software_development_kit	silabs gecko software development kit	le	4.3.2

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "GSDK",
    "vendor": "silabs.com",
    "versions": [
      {
        "lessThanOrEqual": "4.3.x",
        "status": "affected",
        "version": "1.0",
        "versionType": "patch"
      }
    ]
  }
]

References

community.silabs.com/069Vm0000004NinIAE

github.com/SiliconLabs/gecko_sdk

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.7%

JSON

Related for CVE-2023-4280

prion1 nvd1 osv1 cvelist1