CVE-2024-0240 - OpenCVE

A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients, this results in all Bluetooth operations, such as advertising and scanning, to stop.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://community.silabs.com/069Vm000001AjEfIAK
https://github.com/SiliconLabs/gecko_sdk

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Silabs

Published: 2024-02-15T20:30:45.263Z

Updated: 2024-06-04T17:58:19.959Z

Reserved: 2024-01-04T16:51:46.029Z

Link: CVE-2024-0240

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-02-15T21:15:08.673

Modified: 2024-02-16T13:38:00.047

Link: CVE-2024-0240

JSON object: View

Redhat Information

No data.

CWE

CWE-400

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0240", "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "state": "PUBLISHED", "assignerShortName": "Silabs", "dateReserved": "2024-01-04T16:51:46.029Z", "datePublished": "2024-02-15T20:30:45.263Z", "dateUpdated": "2024-06-04T17:58:19.959Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "GSDK", "repo": "https://github.com/SiliconLabs/gecko_sdk/releases", "vendor": "silabs.com", "versions": [{"lessThan": "4.3.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients, this results in all Bluetooth operations, such as advertising and scanning, to stop."}], "value": "A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients, this results in all Bluetooth operations, such as advertising and scanning, to stop."}], "impacts": [{"capecId": "CAPEC-131", "descriptions": [{"lang": "en", "value": "CAPEC-131 Resource Leak Exposure"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "shortName": "Silabs", "dateUpdated": "2024-02-15T20:30:45.263Z"}, "references": [{"url": "https://github.com/SiliconLabs/gecko_sdk"}, {"url": "https://community.silabs.com/069Vm000001AjEfIAK"}], "source": {"discovery": "UNKNOWN"}, "title": "Silicon Labs EFR32 Bluetooth stack denial of service when sending notifications to multiple clients", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0240", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-16T17:04:27.213726Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:58:19.959Z"}}]}}