Consecutive Tamper Resets May Not Be Properly Blocked in Series 2 HSE-SVH Devices
CVE-2024-2502

2LOW

Key Information:

Vendor: Silabs.com
Status: Se Firmware
Vendor: CVE Published:; 29 August 2024

What is CVE-2024-2502?

An application can be configured to block boot attempts after consecutive tamper resets are detected, which may not occur as expected.

This is possible because the TAMPERRSTCAUSE register may not be properly updated when a level 4 tamper event (a tamper reset) occurs. This impacts Series 2 HSE-SVH devices, including xG23B, xG24B, xG25B, and xG28B, but does not impact xG21B. To mitigate this issue, upgrade to SE Firmware version 2.2.6 or later.

Affected Version(s)

SE Firmware 0 <= 2.2.5

References

https://community.silabs.com/sfc/servlet.shepherd/documen...

vendor-advisorypermissions-required

CVSS V3.1

Score:

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 29, 2024
Vulnerability Reserved
Mar 15, 2024

Silabs.com

What is CVE-2024-2502?

Affected Version(s)

References

CVSS V3.1

Timeline