Remote Code Execution Vulnerability in Silicon Labs Gecko OS Debug Interface
CVE-2024-23938

8.8HIGH

Key Information:

Vendor: Silicon Labs
Status: Gecko Os
Vendor: CVE Published:; 28 September 2024

🔔 Create Silicon Labs Vulnerability Alert

What is CVE-2024-23938?

A vulnerability exists within the debug interface of Silicon Labs’ Gecko OS that exposes installations to potential exploitation by network-adjacent attackers. This vulnerability is characterized by a stack-based buffer overflow due to inadequate validation of user-supplied data length prior to copying it to a stack buffer. As a consequence, attackers can execute arbitrary code within the context of the device, which could lead to unauthorized actions and system compromise. This highlights the critical need for robust security measures and continuous monitoring to mitigate such vulnerabilities in enterprise environments.

Affected Version(s)

Gecko OS 1.0.46

References

https://www.zerodayinitiative.com/advisories/ZDI-24-868/

x_research-advisory

https://community.silabs.com/a45Vm0000000Atp

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 28, 2024