Key duplication in GSDK
CVE-2023-1132

5.3 MEDIUM

Key Information:

Vendor: Silabs.com
CVE Published: 18 May 2023

What is CVE-2023-1132?

Buffer clearing was removed from the function sli_se_driver_key_agreement in the Silicon Labs Gecko Platform SDK, versions up to 4.2.1. As a result, key material is duplicated in RAM, potentially exposing sensitive security data to unauthorized access. Users of the affected SDK should apply the relevant patches and monitor their systems for any suspicious activity to mitigate risks.

Affected Version(s)

Gecko Platform 0 < 4.2.2

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
