CVE-2023-4280

An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region.

CVSS v3 9.3 CRITICAL

9.3^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://community.silabs.com/069Vm0000004NinIAE	Permissions Required
https://github.com/SiliconLabs/gecko_sdk	Product
https://community.silabs.com/069Vm0000004NinIAE	Permissions Required
https://github.com/SiliconLabs/gecko_sdk	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:34

Type	Values Removed	Values Added
References	~~() https://community.silabs.com/069Vm0000004NinIAE - Permissions Required~~	() https://community.silabs.com/069Vm0000004NinIAE - Permissions Required
References	~~() https://github.com/SiliconLabs/gecko_sdk - Product~~	() https://github.com/SiliconLabs/gecko_sdk - Product
CVSS	v2 : ~~unknown~~ v3 : ~~9.8~~	v2 : unknown v3 : 9.3

25 Sep 2024, 16:15

Type	Values Removed	Values Added
CWE	~~CWE-20~~

09 Jan 2024, 16:51

Type	Values Removed	Values Added
First Time		Silabs gecko Software Development Kit Silabs
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
References	~~() https://community.silabs.com/069Vm0000004NinIAE -~~	() https://community.silabs.com/069Vm0000004NinIAE - Permissions Required
References	~~() https://github.com/SiliconLabs/gecko_sdk -~~	() https://github.com/SiliconLabs/gecko_sdk - Product
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:silabs:gecko_software_development_kit::::::::

02 Jan 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-02 17:15

Updated : 2024-11-21 08:34

NVD link : CVE-2023-4280

Mitre link : CVE-2023-4280

CVE.ORG link : CVE-2023-4280

JSON object : View

Products Affected

silabs

gecko_software_development_kit

CWE

CWE-125

Out-of-bounds Read

CWE-787

Out-of-bounds Write

NVD-CWE-noinfo

{"id": "CVE-2023-4280", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "product-security@silabs.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-01-02T17:15:09.520", "references": [{"url": "https://community.silabs.com/069Vm0000004NinIAE", "tags": ["Permissions Required"], "source": "product-security@silabs.com"}, {"url": "https://github.com/SiliconLabs/gecko_sdk", "tags": ["Product"], "source": "product-security@silabs.com"}, {"url": "https://community.silabs.com/069Vm0000004NinIAE", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/SiliconLabs/gecko_sdk", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "product-security@silabs.com", "description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-787"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region."}, {"lang": "es", "value": "Una entrada no validada en la implementaci\u00f3n de Silicon Labs TrustZone en v4.3.x y versiones anteriores del SDK de Gecko permite a un atacante acceder a la regi\u00f3n confiable de la memoria desde la regi\u00f3n que no es confiable."}], "lastModified": "2024-11-21T08:34:46.870", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3194013E-B743-4C93-B612-F4C428C6F54B", "versionEndIncluding": "4.3.2", "versionStartIncluding": "1.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@silabs.com"}