Consecutive Tamper Resets May Not Be Properly Blocked in Series 2 HSE-SVH Devices
CVE-2024-2502

2LOW

Key Information:

Vendor: Silabs.com
Status: Se Firmware
Vendor: CVE Published:; 29 August 2024

Summary

An application can be configured to block boot attempts after consecutive tamper resets are detected, which may not occur as expected.

This is possible because the TAMPERRSTCAUSE register may not be properly updated when a level 4 tamper event (a tamper reset) occurs. This impacts Series 2 HSE-SVH devices, including xG23B, xG24B, xG25B, and xG28B, but does not impact xG21B. To mitigate this issue, upgrade to SE Firmware version 2.2.6 or later.

Affected Version(s)

SE Firmware 0 <= 2.2.5

References

https://community.silabs.com/sfc/servlet.shepherd/documen...

vendor-advisorypermissions-required

CVSS V3.1

Score:

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 29, 2024
Vulnerability Reserved
Mar 15, 2024