CVE-2022-24936

Name of the Vulnerable Software and Affected Versions Silicon Labs Gecko Bootloader versions 4.0.1 and earlier

Description The issue is related to an Out-of-Bounds error in the GBL parser, which allows an attacker to overwrite the flash Sign key and OTA decryption key via a malicious bootloader upgrade.

Recommendations For Silicon Labs Gecko Bootloader versions 4.0.1 and earlier, consider restricting access to bootloader upgrades to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the vulnerable GBL parser function until a fix is provided.