Bug in Gecko SDK's mesh_node_power_off() Function Allows Replay of Unsaved Messages
CVE-2024-4013

5.6MEDIUM

Key Information:

Vendor: Silabs.com
Status: Gecko Sdk
Vendor: CVE Published:; 6 June 2024

What is CVE-2024-4013?

A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection List (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity SDK, and the versioning scheme was changed from Gecko SDK vX.Y.Z to Simplicity SDK YYYY.MM.Patch#.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Gecko SDK 3.1.0 <= 2024.06.0

References

https://community.silabs.com/068Vm000006rR53

vendor-advisorypermissions-required

https://github.com/SiliconLabs/gecko_sdk/releases

product

CVSS V3.1

Score:

5.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 6, 2024
Vulnerability Reserved
Apr 19, 2024

JSON

Silabs.com