Gecko Standalone Bootloader vulnerability may allow bypassing application secure boot in some Series 2 devices
CVE-2022-24936

8.3HIGH

Key Information:

Vendor: Silabs.com
Status: Gecko Bootloader
Vendor: CVE Published:; 2 November 2022

What is CVE-2022-24936?

Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Gecko Bootloader 0 <= 4.0.1

References

https://community.silabs.com/sfc/servlet.shepherd/documen...

vendor-advisory

https://github.com/SiliconLabs/gecko_sdk/blame/2e82050dc8...

patch

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 2, 2022
Vulnerability Reserved
Feb 10, 2022

JSON

Silabs.com