Lucene search

SilabsVULNRICHMENT:CVE-2023-41093

HistoryJul 12, 2024 - 7:56 p.m.

CVE-2023-41093 Loss of confidentiality due to potential race condition in Bluetooth controller Connection_Handle reuse

2024-07-1219:56:16

CWE-416

Silabs

github.com

confidentiality

bluetooth

vulnerability

silicon labs

intercept

network

timing

packets

sdk

CVSS3

3.1

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.9

Confidence

High

EPSS

Percentile

13.4%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network.This issue affects Silabs Bluetooth SDK: through 8.0.0.

CNA Affected

[
  {
    "repo": "https://github.com/SiliconLabs/simplicity_sdk",
    "vendor": "Silicon Labs",
    "product": "Simplicity SDK",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver",
        "lessThanOrEqual": "8.0.0"
      }
    ],
    "platforms": [
      "32 bit",
      "ARM"
    ],
    "packageName": "Bluetooth SDK",
    "collectionURL": "https://github.com/SiliconLabs/simplicity_sdk/releases",
    "defaultStatus": "affected"
  }
]

References

community.silabs.com/068Vm000007v4HP

CVSS3

3.1

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.9

Confidence

High

EPSS

Percentile

13.4%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-41093