// For flags

CVE-2023-4020

Unvalidated input in Silicon Labs PSA Attestation service leads to secure memory access from non-secure memory

Severity Score

9.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory.

Una entrada no validada en una función de librería responsable de la comunicación entre la memoria segura y no segura en la implementación TrustZone de Silicon Labs permite la lectura/escritura de la memoria en la región segura de la memoria desde la región no segura de la memoria.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-07-31 CVE Reserved
  • 2023-12-15 CVE Published
  • 2024-09-26 CVE Updated
  • 2025-05-05 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
  • CWE-125: Out-of-bounds Read
  • CWE-787: Out-of-bounds Write
CAPEC
  • CAPEC-129: Pointer Manipulation
References (1)
URL Tag Source
https://github.com/SiliconLabs/gecko_sdk/releases Release Notes
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Silabs
Search vendor "Silabs"
 Gecko Software Development Kit
Search vendor "Silabs" for product "Gecko Software Development Kit"
 >= 1.0.0 < 4.4.0
Search vendor "Silabs" for product "Gecko Software Development Kit" and version " >= 1.0.0 < 4.4.0"
-
Affected