Vulnerability Details : CVE-2023-4020
An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory.
Products affected by CVE-2023-4020
- cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-4020
0.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 40 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-4020
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.1
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
3.9
|
5.2
|
NIST | |
|
9.0
|
CRITICAL | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N |
2.5
|
5.8
|
Silicon Labs |
CWE ids for CVE-2023-4020
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: product-security@silabs.com (Secondary)
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by: product-security@silabs.com (Secondary)
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: product-security@silabs.com (Secondary)
References for CVE-2023-4020
-
https://github.com/SiliconLabs/gecko_sdk/releases
Releases · SiliconLabs/gecko_sdk · GitHubRelease Notes
-
https://community.silabs.com/069Vm0000004b95IAA
Silicon Labs LoginPermissions Required
Jump to