Uninitialized variable in Gecko Bootloader can leak secure stack
CVE-2023-3488

3.8 LOW

Key Information:

Vendor: Silabs.com
CVE Published: 28 July 2023

Summary

An uninitialized buffer in the GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows an attacker to leak data from the Secure stack via a malformed GBL file.

Affected Version(s)

Gecko Bootloader 0 <= 4.3.0

CVSS V3.1

Score: 3.8
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
