CVE-2023-4280

Summary

An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region.

Affected Software

VendorProductVersion RangeStatus
silabs.comGSDK1.0 <= 4.3.xaffected

Weaknesses

  • CWE-125: CWE-125 Out-of-bounds Read
  • CWE-787: CWE-787 Out-of-bounds Write

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References