CVE-2023-2747 – Uninitialized IV in Silicon Labs SE FW v2.0.0 through v 2.2.1 for internally stored data
https://notcve.org/view.php?id=CVE-2023-2747
The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized. • https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sFvQAJ?operationContext=S1 https://github.com/SiliconLabs/gecko_sdk • CWE-908: Use of Uninitialized Resource CWE-1204: Generation of Weak Initialization Vector (IV) •
CVE-2023-2683 – Connection update while closing connection may lead to denial-of-service
https://notcve.org/view.php?id=CVE-2023-2683
A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error. • https://github.com/SiliconLabs https://https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000U2U1QQAV?operationContext=S1 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2023-2686
https://notcve.org/view.php?id=CVE-2023-2686
Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack. • https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sFvQAJ?operationContext=S1 https://github.com/SiliconLabs/gecko_sdk/releases • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2023-2687
https://notcve.org/view.php?id=CVE-2023-2687
Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap. • https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sWXQAZ?operationContext=S1 https://github.com/SiliconLabs/gecko_sdk/releases • CWE-131: Incorrect Calculation of Buffer Size CWE-787: Out-of-bounds Write •
CVE-2023-32100 – Key duplication in GSDK
https://notcve.org/view.php?id=CVE-2023-32100
Compiler removal of buffer clearing in sli_se_driver_mac_compute in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. • https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1 https://github.com/SiliconLabs/gecko_sdk • CWE-14: Compiler Removal of Code to Clear Buffers •