Potential Timing vulnerability in CBC PKCS7 padding calculations
CVE-2023-41097

4.6MEDIUM

Key Information:

Vendor: Silabs.com
Status: Gsdk
Vendor: CVE Published:; 21 December 2023

Summary

Silicon Labs' GSDK for ARM is susceptible to an Observable Timing Discrepancy that could enable a Covert Timing Channel exploitation. This vulnerability makes the system potentially vulnerable to a Padding Oracle Crypto Attack on CBC PKCS7, affecting all versions of GSDK up to 4.4.0. Users of this software should take immediate action to mitigate the risks associated with this vulnerability by updating to the latest version.

Affected Version(s)

GSDK ARM 0

References

https://siliconlabs.lightning.force.com/sfc/servlet.sheph...

vendor-advisory

https://github.com/SiliconLabs/gecko_sdk/releases

patch

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 21, 2023
Vulnerability Reserved
Aug 23, 2023