2 results (0.005 seconds)

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-22473 – Uninitialized TRNG used for ECDSA after EM2/EM3 sleep for VSE devices

https://notcve.org/view.php?id=CVE-2024-22473

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0. TRNG se utiliza antes de la inicialización mediante el controlador de firma ECDSA al salir de EM2/EM3 en dispositivos Virtual Secure Vault (VSE). Este defecto puede permitir la suplantación de firmas mediante recreación clave. Este problema afecta a Gecko SDK hasta la versión 4.4.0. • https://community.silabs.com/068Vm000001FrjT • CWE-330: Use of Insufficiently Random Values CWE-331: Insufficient Entropy CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) CWE-908: Use of Uninitialized Resource CWE-1279: Cryptographic Operations are run Before Supporting Units are Ready •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-0240 – Silicon Labs EFR32 Bluetooth stack denial of service when sending notifications to multiple clients

https://notcve.org/view.php?id=CVE-2024-0240

A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients, this results in all Bluetooth operations, such as advertising and scanning, to stop. Una pérdida de memoria en la pila Bluetooth de Silicon Labs para productos EFR32 puede provocar que la memoria se agote al enviar notificaciones a varios clientes, lo que provoca que se detengan todas las operaciones de Bluetooth, como la publicidad y el escaneo. • https://community.silabs.com/069Vm000001AjEfIAK https://github.com/SiliconLabs/gecko_sdk • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •