CVE-2023-41097

SiliconLabs/gecko_sdk

on github

Published

December 21, 2023

Severity

CVSS v3:

7.5 HIGH

CVSS v2:

N/A

Description

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0.

References

https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm0000007rArIAI?operationContext=S1
https://github.com/SiliconLabs/gecko_sdk/releases

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:silabs:gecko_software_development_kit::::::::	n/a	4.4.0 (including)	*

External Links

NVD - CVE-2023-41097