CVE-2023-4280 - OpenCVE

An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Silabs	Gecko Software Development Kit

Configuration 1 [-]

cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:*

References

Link	Resource
https://community.silabs.com/069Vm0000004NinIAE	Permissions Required
https://github.com/SiliconLabs/gecko_sdk	Product

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Silabs

Published: 2024-01-02T16:52:06.959Z

Updated: 2024-01-02T16:52:06.959Z

Reserved: 2023-08-09T19:24:29.697Z

Link: CVE-2023-4280

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-01-02T17:15:09.520

Modified: 2024-01-09T16:51:14.477

Link: CVE-2023-4280

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-4280", "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "state": "PUBLISHED", "assignerShortName": "Silabs", "dateReserved": "2023-08-09T19:24:29.697Z", "datePublished": "2024-01-02T16:52:06.959Z", "dateUpdated": "2024-01-02T16:52:06.959Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "GSDK", "vendor": "silabs.com", "versions": [{"lessThanOrEqual": "4.3.x", "status": "affected", "version": "1.0", "versionType": "patch"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region."}], "value": "An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "shortName": "Silabs", "dateUpdated": "2024-01-02T16:52:06.959Z"}, "references": [{"url": "https://github.com/SiliconLabs/gecko_sdk"}, {"url": "https://community.silabs.com/069Vm0000004NinIAE"}], "source": {"discovery": "UNKNOWN"}, "title": "Unvalidated input in Silicon Labs TrustZone implementation leads to accessing Trusted memory region", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "3194013E-B743-4C93-B612-F4C428C6F54B", "versionEndIncluding": "4.3.2", "versionStartIncluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region."}, {"lang": "es", "value": "Una entrada no validada en la implementaci\u00f3n de Silicon Labs TrustZone en v4.3.x y versiones anteriores del SDK de Gecko permite a un atacante acceder a la regi\u00f3n confiable de la memoria desde la regi\u00f3n que no es confiable."}], "id": "CVE-2023-4280", "lastModified": "2024-01-09T16:51:14.477", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 6.0, "source": "product-security@silabs.com", "type": "Secondary"}]}, "published": "2024-01-02T17:15:09.520", "references": [{"source": "product-security@silabs.com", "tags": ["Permissions Required"], "url": "https://community.silabs.com/069Vm0000004NinIAE"}, {"source": "product-security@silabs.com", "tags": ["Product"], "url": "https://github.com/SiliconLabs/gecko_sdk"}], "sourceIdentifier": "product-security@silabs.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-787"}], "source": "product-security@silabs.com", "type": "Secondary"}]}