CVE-2023-4280

CVSS v3 9.3 CRITICAL

9.3^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

A

n unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region.

References

Link	Resource
https://community.silabs.com/069Vm0000004NinIAE	Permissions Required
https://github.com/SiliconLabs/gecko_sdk	Product
https://community.silabs.com/069Vm0000004NinIAE	Permissions Required
https://github.com/SiliconLabs/gecko_sdk	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:34

Type	Values Removed	Values Added
References	~~() https://community.silabs.com/069Vm0000004NinIAE - Permissions Required~~	() https://community.silabs.com/069Vm0000004NinIAE - Permissions Required
References	~~() https://github.com/SiliconLabs/gecko_sdk - Product~~	() https://github.com/SiliconLabs/gecko_sdk - Product
CVSS	v2 : ~~unknown~~ v3 : ~~9.8~~	v2 : unknown v3 : 9.3

25 Sep 2024, 16:15

Type	Values Removed	Values Added
CWE	~~CWE-20~~

Information

Published : 2024-01-02 17:15

Updated : 2024-11-21 08:34

NVD link : CVE-2023-4280

Mitre link : CVE-2023-4280

CVE.ORG link : CVE-2023-4280

JSON object : View

Products Affected

gecko_software_development_kit

CWE

CWE-125

Out-of-bounds Read

CWE-787

Out-of-bounds Write

NVD-CWE-noinfo

{"id": "CVE-2023-4280", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-01-02T17:15:09.520", "references": [{"url": "https://community.silabs.com/069Vm0000004NinIAE", "tags": ["Permissions Required"], "source": "[email protected]"}, {"url": "https://github.com/SiliconLabs/gecko_sdk", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://community.silabs.com/069Vm0000004NinIAE", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/SiliconLabs/gecko_sdk", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-787"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region."}, {"lang": "es", "value": "Una entrada no validada en la implementaci\u00f3n de Silicon Labs TrustZone en v4.3.x y versiones anteriores del SDK de Gecko permite a un atacante acceder a la regi\u00f3n confiable de la memoria desde la regi\u00f3n que no es confiable."}], "lastModified": "2024-11-21T08:34:46.870", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3194013E-B743-4C93-B612-F4C428C6F54B", "versionEndIncluding": "4.3.2", "versionStartIncluding": "1.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}