CVE-2023-5138
Glitch detection not active by default in Silicon Labs Secure Vault High devices
Severity Score
6.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B.
La detección de fallos no está habilitada de forma predeterminada para el núcleo CortexM33 en las partes altas de la bóveda segura de Silicon Labs EFx32xG2xB, excepto EFR32xG21B.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-09-22 CVE Reserved
- 2024-01-03 CVE Published
- 2024-01-11 EPSS Updated
- 2024-09-27 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-909: Missing Initialization of Resource
- CWE-1319: Improper Protection against Electromagnetic Fault Injection (EM-FI)
CAPEC
- CAPEC-624: Hardware Fault Injection
References (1)
| URL | Tag | Source |
|---|---|---|
| https://github.com/SiliconLabs/gecko_sdk | Product |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Silabs Search vendor "Silabs" | Gecko Software Development Kit Search vendor "Silabs" for product "Gecko Software Development Kit" | >= 1.0.0 < 4.4.0 Search vendor "Silabs" for product "Gecko Software Development Kit" and version " >= 1.0.0 < 4.4.0" | - |
Affected
| ||||||