CVE-2023-41097

Summary

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0.

Affected Software

VendorProductVersion RangeStatus
silabs.comGSDK0 < 4.4.0affected

Weaknesses

  • CWE-208: CWE-208 Observable Timing Discrepancy
  • CWE-327: CWE-327 Use of a Broken or Risky Cryptographic Algorithm

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References