CVE-2023-1132

Name of the Vulnerable Software and Affected Versions Silicon Labs Gecko Platform SDK versions 4.2.1 and earlier

Description The issue arises from the compiler removal of buffer clearing in the sli se driver key agreement function, leading to key material duplication to RAM. This results in a security concern where sensitive key material is not properly cleared from memory.

Recommendations For Silicon Labs Gecko Platform SDK versions 4.2.1 and earlier, ensure proper buffer clearing mechanisms are implemented in the sli se driver key agreement function to prevent key material duplication to RAM. As a temporary workaround, consider implementing manual buffer clearing after key agreement operations until a patched version is available.