Silabs: >> Gecko Software Development Kit >> 4.4.0 Security Vulnerabilities
TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0.
CVSS Score
6.8
EPSS Score
0.001
Published
2024-02-21
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0.
CVSS Score
4.6
EPSS Score
0.001
Published
2023-12-21
Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-09-29