Vulnerability Details : CVE-2023-1132
Compiler removal of buffer clearing in sli_se_driver_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
Products affected by CVE-2023-1132
- cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-1132
- EPSS score: 0.16% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~52% (the proportion of vulnerabilities scored at or below this value)
CVSS scores for CVE-2023-1132
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.6 | 3.6 | Silicon Labs |
CWE ids for CVE-2023-1132
- Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka "dead store removal." (Assigned by: product-security@silabs.com, Secondary)
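As an added illustration of the weakness described above (not code from the Gecko SDK or from this page), the following shows a clearing routine that writes through a volatile pointer so the optimiser cannot drop the stores, together with a self-check that counts leftover key bytes; the 0xAB secret and the XOR "derivation" are constructed placeholders, not real key-agreement arithmetic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Clear a buffer so dead-store elimination cannot remove the clearing:
 * each byte is written through a volatile pointer, so the store must be
 * emitted even though the buffer is never read again. A plain memset()
 * at the end of a function is exactly the store an optimiser may drop. */
void secure_zero(void *buf, size_t len)
{
    volatile uint8_t *p = (volatile uint8_t *)buf;
    while (len--) {
        *p++ = 0;
    }
}

/* Count the bytes of buf that are still non-zero. */
size_t count_nonzero(const uint8_t *buf, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        n += (buf[i] != 0);
    }
    return n;
}

/* End-to-end check: fill a local key buffer, derive something from it,
 * clear both locals, and report how many key bytes remain (must be 0).
 * The 0xAB secret and the XOR "derivation" are constructed stand-ins. */
size_t clear_after_use_demo(void)
{
    uint8_t shared_secret[32];
    uint8_t derived[32];
    memset(shared_secret, 0xAB, sizeof shared_secret);
    for (size_t i = 0; i < sizeof derived; i++) {
        derived[i] = shared_secret[i] ^ (uint8_t)i;
    }
    secure_zero(shared_secret, sizeof shared_secret);
    secure_zero(derived, sizeof derived);
    return count_nonzero(shared_secret, sizeof shared_secret)
         + count_nonzero(derived, sizeof derived);
}

int main(void)
{
    printf("key-material bytes left after clearing: %zu\n", clear_after_use_demo());
    return 0;
}
```

Compile with optimisation enabled (for example -O2) to exercise the case the CWE describes; the volatile stores survive where a trailing memset() would be a candidate for removal.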
References for CVE-2023-1132
- https://github.com/SiliconLabs/gecko_sdk (GitHub - SiliconLabs/gecko_sdk: The Gecko SDK (GSDK) combines all Silicon Labs 32-bit IoT product software development kits (SDKs) based on Gecko Platform into a single, integrated SDK.)
- https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1 (Silicon Labs community document; login and permissions required)