PT-2023-23605 · Silicon · Silicon Labs Gecko Platform Sdk
Published: 2023-05-18 · Updated: 2023-05-25 · CVE-2023-32096
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Silicon Labs Gecko Platform SDK versions prior to 4.2.1
Description
The compiler removes the buffer clearing in the sli_crypto_transparent_aead_encrypt_tag function, which leaves key material duplicated in RAM. This results in a security risk.
Recommendations
For Silicon Labs Gecko Platform SDK versions prior to 4.2.1, update to a version that includes the fix for the buffer clearing issue in the sli_crypto_transparent_aead_encrypt_tag function. As a temporary workaround, consider implementing additional memory clearing measures after using the sli_crypto_transparent_aead_encrypt_tag function to minimize the risk of key material exposure.
Fix
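The clearing problem described above, as an added example that is not Silicon Labs code and does not reproduce the SDK function: a working copy of a key cleared with a plain memset, which an optimizing compiler may drop as a dead store, next to a form that clears through a volatile pointer. The names toy_tag, secure_zero, tag_plain_memset, tag_secure_clear and KEY_MAX are hypothetical, and toy_tag is a stand-in for the real tag computation.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define KEY_MAX 32  /* hypothetical working-buffer size */

/* Toy stand-in for the tag computation: XOR-folds key and message bytes. */
static uint8_t toy_tag(const uint8_t *key, size_t klen,
                       const uint8_t *msg, size_t mlen) {
    uint8_t t = 0;
    for (size_t i = 0; i < klen; i++) t ^= key[i];
    for (size_t i = 0; i < mlen; i++) t ^= msg[i];
    return t;
}

/* Clearing through a volatile pointer: every store is an observable
 * side effect, so the optimizer may not delete it as a dead store. */
void secure_zero(void *p, size_t n) {
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* Pattern at risk: the buffer is never read after memset, so an
 * optimizing compiler may remove the call and leave the key copy in RAM. */
uint8_t tag_plain_memset(const uint8_t *key, size_t klen,
                         const uint8_t *msg, size_t mlen) {
    uint8_t work[KEY_MAX];
    if (klen > KEY_MAX) return 0;   /* toy error path: key too long */
    memcpy(work, key, klen);
    uint8_t t = toy_tag(work, klen, msg, mlen);
    memset(work, 0, sizeof work);   /* dead store: removable */
    return t;
}

/* Hardened form: same logic, clearing that survives optimization.
 * The scratch buffer is caller-supplied here only so the clearing
 * can be checked from outside. */
uint8_t tag_secure_clear(const uint8_t *key, size_t klen,
                         const uint8_t *msg, size_t mlen,
                         uint8_t scratch[KEY_MAX]) {
    if (klen > KEY_MAX) return 0;   /* toy error path: key too long */
    memcpy(scratch, key, klen);
    uint8_t t = toy_tag(scratch, klen, msg, mlen);
    secure_zero(scratch, KEY_MAX);
    return t;
}
```

Where the toolchain provides them, explicit_bzero or C11 Annex K memset_s serve the same purpose as secure_zero. Whether the plain memset is actually removed depends on compiler and optimization level, so inspecting the generated assembly is the reliable check.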
Weakness Enumeration
Related Identifiers
Affected Products
Silicon Labs Gecko Platform Sdk