CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6533 – Silicon Labs PC Controller Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-6533
Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier. Se pueden enviar paquetes de clase de comando de reinicio local de dispositivo con formato incorrecto al controlador, lo que hace que el controlador asuma que el dispositivo final ha abandonado la red. Después de esto, el controlador no reconocerá las tramas enviadas por el dispositivo final. • https://community.silabs.com/068Vm000001HdNm • CWE-248: Uncaught Exception CWE-345: Insufficient Verification of Data Authenticity CWE-419: Unprotected Primary Channel CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22473 – Uninitialized TRNG used for ECDSA after EM2/EM3 sleep for VSE devices
https://notcve.org/view.php?id=CVE-2024-22473
TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0. TRNG se utiliza antes de la inicialización mediante el controlador de firma ECDSA al salir de EM2/EM3 en dispositivos Virtual Secure Vault (VSE). Este defecto puede permitir la suplantación de firmas mediante recreación clave. Este problema afecta a Gecko SDK hasta la versión 4.4.0. • https://community.silabs.com/068Vm000001FrjT • CWE-330: Use of Insufficiently Random Values CWE-331: Insufficient Entropy CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) CWE-908: Use of Uninitialized Resource CWE-1279: Cryptographic Operations are run Before Supporting Units are Ready •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0240 – Silicon Labs EFR32 Bluetooth stack denial of service when sending notifications to multiple clients
https://notcve.org/view.php?id=CVE-2024-0240
A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients, this results in all Bluetooth operations, such as advertising and scanning, to stop. Una pérdida de memoria en la pila Bluetooth de Silicon Labs para productos EFR32 puede provocar que la memoria se agote al enviar notificaciones a varios clientes, lo que provoca que se detengan todas las operaciones de Bluetooth, como la publicidad y el escaneo. • https://community.silabs.com/069Vm000001AjEfIAK https://github.com/SiliconLabs/gecko_sdk • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •