Bluetooth LE Invalid prepare write request command leads to denial of service
CVE-2023-0775

6.5MEDIUM

Key Information:

Vendor: Silabs.com
Status: Gsdk
Vendor: CVE Published:; 28 March 2023

Summary

An invalid ‘prepare write request’ command can cause the Bluetooth LE stack to run out of memory and fail to be able to handle subsequent connection requests, resulting in a denial-of-service.

Affected Version(s)

GSDK 1.0

References

https://siliconlabs.lightning.force.com/sfc/servlet.sheph...

https://github.com/SiliconLabs/gecko_sdk

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 28, 2023
Vulnerability Reserved
Feb 10, 2023