CVE-2023-4280

An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 CRITICAL
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
SilabsCNA
9.3 CRITICAL
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
VendorProductVersion
silabsgecko_software_development_kit
1.0.0 ≤
𝑥
≤ 4.3.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://community.silabs.com/069Vm0000004NinIAE
https://github.com/SiliconLabs/gecko_sdk
https://community.silabs.com/069Vm0000004NinIAE
https://github.com/SiliconLabs/gecko_sdk