CVE-2022-24936

Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade.

CVSS v3 8.3 HIGH

8.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.5

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Gdop4QAB?operationContext=S1	Permissions Required Vendor Advisory
https://github.com/SiliconLabs/gecko_sdk/blame/2e82050dc8823c9fe0e8908c1b2666fb83056230/platform/bootloader/core/btl_bootload.c	Exploit Third Party Advisory
https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Gdop4QAB?operationContext=S1	Permissions Required Vendor Advisory
https://github.com/SiliconLabs/gecko_sdk/blame/2e82050dc8823c9fe0e8908c1b2666fb83056230/platform/bootloader/core/btl_bootload.c	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:silabs:gecko_bootloader:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:51

Type	Values Removed	Values Added
References	~~() https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Gdop4QAB?operationContext=S1 - Permissions Required, Vendor Advisory~~	() https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Gdop4QAB?operationContext=S1 - Permissions Required, Vendor Advisory
References	~~() https://github.com/SiliconLabs/gecko_sdk/blame/2e82050dc8823c9fe0e8908c1b2666fb83056230/platform/bootloader/core/btl_bootload.c - Exploit, Third Party Advisory~~	() https://github.com/SiliconLabs/gecko_sdk/blame/2e82050dc8823c9fe0e8908c1b2666fb83056230/platform/bootloader/core/btl_bootload.c - Exploit, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~9.1~~	v2 : unknown v3 : 8.3

Information

Published : 2022-11-02 18:15

Updated : 2024-11-21 06:51

NVD link : CVE-2022-24936

Mitre link : CVE-2022-24936

CVE.ORG link : CVE-2022-24936

JSON object : View

Products Affected

silabs

gecko_bootloader

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-787

Out-of-bounds Write

{"id": "CVE-2022-24936", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "product-security@silabs.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 5.5, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2022-11-02T18:15:10.470", "references": [{"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Gdop4QAB?operationContext=S1", "tags": ["Permissions Required", "Vendor Advisory"], "source": "product-security@silabs.com"}, {"url": "https://github.com/SiliconLabs/gecko_sdk/blame/2e82050dc8823c9fe0e8908c1b2666fb83056230/platform/bootloader/core/btl_bootload.c", "tags": ["Exploit", "Third Party Advisory"], "source": "product-security@silabs.com"}, {"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Gdop4QAB?operationContext=S1", "tags": ["Permissions Required", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/SiliconLabs/gecko_sdk/blame/2e82050dc8823c9fe0e8908c1b2666fb83056230/platform/bootloader/core/btl_bootload.c", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "product-security@silabs.com", "description": [{"lang": "en", "value": "CWE-119"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade."}, {"lang": "es", "value": "El error fuera de l\u00edmites en el analizador GBL en Silicon Labs Gecko Bootloader versi\u00f3n 4.0.1 y anteriores permite al atacante sobrescribir la clave de firma flash y la clave de descifrado OTA mediante una actualizaci\u00f3n maliciosa del gestor de arranque."}], "lastModified": "2024-11-21T06:51:25.400", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:silabs:gecko_bootloader:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05C71F13-1B46-4919-AD6F-B63BE2A3430A", "versionEndIncluding": "4.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@silabs.com"}