PT-2024-13059 · Silicon · Gecko Sdk

Published: 2024-01-02 · Updated: 2024-09-25 · CVE-2023-4280

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Gecko SDK versions 4.3.x and earlier

Description: The issue is related to an unvalidated input in the Silicon Labs TrustZone implementation, allowing an attacker to access the trusted region of memory from the untrusted region.

Recommendations: For versions 4.3.x and earlier, update to a version that includes a fix for the unvalidated input issue in the Silicon Labs TrustZone implementation. As a temporary workaround, consider restricting access to the trusted region of memory to minimize the risk of exploitation.

Fix

Out of bounds Read

Memory Corruption

Weakness Enumeration

Related Identifiers: CVE-2023-4280

Affected Products: Gecko Sdk