Lucene search

SilabsCVELIST:CVE-2023-41093

HistoryJul 12, 2024 - 7:56 p.m.

CVE-2023-41093 Loss of confidentiality due to potential race condition in Bluetooth controller Connection_Handle reuse

2024-07-1219:56:16

CWE-416

Silabs

www.cve.org

confidentiality

race condition

bluetooth

connection_handle reuse

use after free

silicon labs

arm

vulnerability

interception

network

sdk

cve-2023-41093

CVSS3

3.1

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

13.4%

JSON

Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network.This issue affects Silabs Bluetooth SDK: through 8.0.0.

CNA Affected

[
  {
    "collectionURL": "https://github.com/SiliconLabs/simplicity_sdk/releases",
    "defaultStatus": "affected",
    "packageName": "Bluetooth SDK",
    "platforms": [
      "32 bit",
      "ARM"
    ],
    "product": "Simplicity SDK",
    "repo": "https://github.com/SiliconLabs/simplicity_sdk",
    "vendor": "Silicon Labs",
    "versions": [
      {
        "lessThanOrEqual": "8.0.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

community.silabs.com/068Vm000007v4HP

CVSS3

3.1

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

13.4%

JSON

Related for CVELIST:CVE-2023-41093