CVE-2023-6533 – Silicon Labs PC Controller Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-6533
Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0 and earlier.
• https://community.silabs.com/068Vm000001HdNm
• CWE-248: Uncaught Exception; CWE-345: Insufficient Verification of Data Authenticity; CWE-419: Unprotected Primary Channel; CWE-754: Improper Check for Unusual or Exceptional Conditions
CVE-2024-22473 – Uninitialized TRNG used for ECDSA after EM2/EM3 sleep for VSE devices
https://notcve.org/view.php?id=CVE-2024-22473
The TRNG is used before initialization by the ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation. This issue affects Gecko SDK through v4.4.0.
• https://community.silabs.com/068Vm000001FrjT
• CWE-330: Use of Insufficiently Random Values; CWE-331: Insufficient Entropy; CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG); CWE-908: Use of Uninitialized Resource; CWE-1279: Cryptographic Operations are run Before Supporting Units are Ready
CVE-2024-0240 – Silicon Labs EFR32 Bluetooth stack denial of service when sending notifications to multiple clients
https://notcve.org/view.php?id=CVE-2024-0240
A memory leak in Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients. This causes all Bluetooth operations, such as advertising and scanning, to stop.
• https://community.silabs.com/069Vm000001AjEfIAK https://github.com/SiliconLabs/gecko_sdk
• CWE-400: Uncontrolled Resource Consumption; CWE-401: Missing Release of Memory after Effective Lifetime
CVE-2023-6874 – Zigbee Unauthenticated DoS via NWK Sequence number manipulation
https://notcve.org/view.php?id=CVE-2023-6874
Prior to v7.4.0, Ember ZNet is vulnerable to a denial-of-service attack through manipulation of the NWK sequence number.
• https://community.silabs.com/069Vm000000WXaOIAW https://github.com/SiliconLabs/gecko_sdk
• CWE-312: Cleartext Storage of Sensitive Information; CWE-754: Improper Check for Unusual or Exceptional Conditions
CVE-2023-6387 – Incorrect buffer parsing in Bluetooth LE sample code may lead to buffer overflow
https://notcve.org/view.php?id=CVE-2023-6387
A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK, which may result in a denial of service or remote code execution.
• https://community.silabs.com/069Vm000000WNKuIAO https://github.com/SiliconLabs/gecko_sdk/releases/tag/v4.4.0
• CWE-125: Out-of-bounds Read; CWE-131: Incorrect Calculation of Buffer Size; CWE-787: Out-of-bounds Write