CVE-2023-4020

SiliconLabs/gecko_sdk

on github

Published

December 15, 2023

Severity

CVSS v3:

9.1 CRITICAL

CVSS v2:

N/A

Description

An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory.

References

https://github.com/SiliconLabs/gecko_sdk/releases
https://community.silabs.com/069Vm0000004b95IAA

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:silabs:gecko_software_development_kit::::::::	1.0.0 (including)	4.4.0	*

External Links

NVD - CVE-2023-4020