Lucene search

GoogleOSV:CVE-2023-4020

HistoryDec 15, 2023 - 9:15 p.m.

CVE-2023-4020

2023-12-1521:15:08

Google

osv.dev

input validation

memory communication

trustzone

cve-2023-4020

software

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.7%

JSON

An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory.

CPENameOperatorVersion
gecko_sdkeq4.2.2
gecko_sdkeq4.3.1
gecko_sdkeq4.3.2
gecko_sdkeq4.3.0
gecko_sdkeq4.2.3
gecko_sdkeq4.2.0
gecko_sdkeq4.2.1

Name	Operator	Version
gecko_sdk	eq	4.2.2
gecko_sdk	eq	4.3.1
gecko_sdk	eq	4.3.2
gecko_sdk	eq	4.3.0
gecko_sdk	eq	4.2.3
gecko_sdk	eq	4.2.0
gecko_sdk	eq	4.2.1

References

community.silabs.com/069Vm0000004b95IAA

github.com/SiliconLabs/gecko_sdk/releases

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.7%

JSON

Related for OSV:CVE-2023-4020