Unvalidated input in Silicon Labs PSA Attestation service leads to secure memory access from non-secure memory
CVE-2023-4020

9.1CRITICAL

Key Information:

Vendor: Silabs.com
Status: Gsdk
Vendor: CVE Published:; 15 December 2023

What is CVE-2023-4020?

An unvalidated input flaw in the Silicon Labs TrustZone implementation enables unauthorized reading and writing to secure memory from non-secure regions. This vulnerability can potentially allow attackers to bypass security boundaries, leading to unauthorized data manipulation or information disclosure.

Affected Version(s)

GSDK 1.0 < 4.4.0

References

https://github.com/SiliconLabs/gecko_sdk/releases

https://community.silabs.com/069Vm0000004b95IAA

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 15, 2023
Vulnerability Reserved
Jul 31, 2023

Silabs.com

What is CVE-2023-4020?

Affected Version(s)

References

CVSS V3.1

Timeline