CVE-2024-22473
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
Summary
TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| silabs.com | GSDK | 0 <= 4.4.0 | affected |
Weaknesses
- CWE-1279: CWE-1279 Cryptographic Operations are run Before Supporting Units are Ready
- CWE-331: CWE-331 Insufficient Entropy
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.