PT-2024-19442 · Gecko Sdk · Gecko Sdk

Published: 2024-02-21 · Updated: 2024-09-27 · CVE-2024-22473

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Gecko SDK versions through 4.4.0

Description: The issue arises from the use of a True Random Number Generator (TRNG) before its initialization by the ECDSA signing driver when exiting low-power modes (EM2/EM3) on Virtual Secure Vault (VSE) devices. This defect may allow an attacker to recreate keys, potentially enabling signature spoofing.

Recommendations: For Gecko SDK versions through 4.4.0, update to a version newer than 4.4.0 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.
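
The defect class described above, as an added example (not Gecko SDK code and not the vendor's fix): a small C model of a TRNG whose initialization is lost across EM2/EM3, contrasting a nonce draw that skips the state check with one that re-initializes and fails closed. All names (`trng_t`, `enter_em2_and_wake`, `nonce_vulnerable`, `nonce_hardened`) and the constant output of the uninitialized TRNG are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the defect class; none of these names are Gecko SDK APIs. */
typedef struct { bool ready; uint32_t ctr; } trng_t;

static void trng_init(trng_t *t) { t->ready = true; }
/* Assumption: EM2/EM3 drops the peripheral's configuration. */
static void enter_em2_and_wake(trng_t *t) { t->ready = false; }

/* Assumption: an uninitialized TRNG reports success but returns constant
 * bytes. The counter is only a deterministic stand-in for real entropy. */
static int trng_read(trng_t *t, uint8_t *out, size_t n) {
    for (size_t i = 0; i < n; i++)
        out[i] = t->ready ? (uint8_t)(++t->ctr * 167u + 13u) : 0x00;
    return 0;
}

/* Vulnerable pattern: draws the ECDSA nonce without checking TRNG state. */
static int nonce_vulnerable(trng_t *t, uint8_t k[32]) { return trng_read(t, k, 32); }

/* Hardened pattern: re-initialize after wake, then fail closed on a read
 * error or degenerate (all-zero) output instead of signing with it. */
static int nonce_hardened(trng_t *t, uint8_t k[32]) {
    uint8_t acc = 0;
    if (!t->ready) trng_init(t);
    if (trng_read(t, k, 32) != 0) return -1;
    for (size_t i = 0; i < 32; i++) acc |= k[i];
    return acc ? 0 : -1;
}

/* Returns true if two nonces drawn after a sleep/wake cycle are identical.
 * A repeated ECDSA nonce under one key exposes the private key. */
static bool nonces_repeat_after_wake(int (*draw)(trng_t *, uint8_t *)) {
    trng_t t = {0};
    uint8_t k1[32], k2[32];
    trng_init(&t);
    enter_em2_and_wake(&t);
    if (draw(&t, k1) != 0 || draw(&t, k2) != 0) return false;
    return memcmp(k1, k2, sizeof k1) == 0;
}

int main(void) {
    printf("vulnerable repeats: %d\n", nonces_repeat_after_wake(nonce_vulnerable));
    printf("hardened repeats:   %d\n", nonces_repeat_after_wake(nonce_hardened));
    return 0;
}
```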

Related Identifiers: CVE-2024-22473

Affected Products: Gecko Sdk