Gecko SDK
by Silabs.com
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-3043 | | Hig | 0.49 | 7.5 | 0.01 | | Jun 27, 2024 | An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier (pan ID), leading to a denial of service. This packet type is not useful in production and should be used only for PHY qualification. |
| CVE-2024-4013 | | Med | 0.36 | 5.6 | 0.00 | | Jun 6, 2024 | A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection List (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity… |
| CVE-2024-22473 | | | 0.00 | — | 0.00 | | Feb 21, 2024 | TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation. This issue affects Gecko SDK through v4.4.0. |
| CVE-2024-0240 | | | 0.00 | — | 0.00 | | Feb 15, 2024 | A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients, this results in all Bluetooth operations, such as advertising and scanning, to stop. |
| CVE-2023-6387 | | | 0.00 | — | 0.01 | | Feb 2, 2024 | A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution |
| CVE-2023-4280 | | | 0.00 | — | 0.00 | | Jan 2, 2024 | An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region. |
| CVE-2023-4020 | | | 0.00 | — | 0.01 | | Dec 15, 2023 | An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory. |
| CVE-2023-2686 | | | 0.00 | — | 0.01 | | Jun 15, 2023 | Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack. |
| CVE-2023-2687 | | | 0.00 | — | 0.00 | | Jun 2, 2023 | Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap. |