Buffer Overread Vulnerability in CPC Application by Silicon Labs
CVE-2024-12975

Key Information:

Vendor
CVE Published: 7 March 2025

What is CVE-2024-12975?

A buffer overread vulnerability exists in the CPC application developed by Silicon Labs. It occurs when the application operates in full duplex SPI mode and attempts to process an invalid packet received over the SPI interface. The overread can lead to unexpected data exposure. Users should apply the recommended patches and updates to mitigate this vulnerability.

Affected Version(s)

Simplicity SDK: versions before 2024.12.1

CVSS V4

Score: 1
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Physical
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
