vulnrichment | Silabs | VULNRICHMENT:CVE-2023-41093
History: Jul 12, 2024 - 7:56 p.m.

CVE-2023-41093 Loss of confidentiality due to potential race condition in Bluetooth controller Connection_Handle reuse

2024-07-12 19:56:16
CWE-416
Silabs
github.com
confidentiality
bluetooth
vulnerability
silicon labs
intercept
network
timing
packets
sdk

CVSS3: 3.1

Attack Vector: ADJACENT
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score: 6.9
Confidence: High

EPSS: 0
Percentile: 13.4%

SSVC

Exploitation: none
Automatable: no
Technical Impact: partial

Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network. This issue affects Silabs Bluetooth SDK: through 8.0.0.

CNA Affected

[
  {
    "repo": "https://github.com/SiliconLabs/simplicity_sdk",
    "vendor": "Silicon Labs",
    "product": "Simplicity SDK",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver",
        "lessThanOrEqual": "8.0.0"
      }
    ],
    "platforms": [
      "32 bit",
      "ARM"
    ],
    "packageName": "Bluetooth SDK",
    "collectionURL": "https://github.com/SiliconLabs/simplicity_sdk/releases",
    "defaultStatus": "affected"
  }
]
