Known Vulnerabilities
CVE-2024-22473
TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0.
MEDIUM
CVSS 6.8
Published Feb 21, 2024
CVE-2024-0240
A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients, this results in all Bluetooth operations, such as advertising and scanning, to stop.
MEDIUM
CVSS 6.5
Published Feb 15, 2024
CVE-2023-41097
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0.
MEDIUM
CVSS 4.6
Published Dec 21, 2023