PT-2023-27783 · Silicon · Silabs Gsdk
Published
2023-12-21
·
Updated
2024-09-25
·
CVE-2023-41097
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Silabs GSDK versions through 4.4.0
Description
The issue is related to an Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM. This vulnerability potentially allows a Padding Oracle Crypto Attack on CBC PKCS7.
Recommendations
For Silabs GSDK versions through 4.4.0, update to a version later than 4.4.0 to resolve the issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Side Channel Attack
Use of a Broken Cryptographic Algorithm
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Silabs Gsdk