CVE-2024-22473

Summary

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0.

Affected Software

VendorProductVersion RangeStatus
silabs.comGSDK0 <= 4.4.0affected

Weaknesses

  • CWE-1279: CWE-1279 Cryptographic Operations are run Before Supporting Units are Ready
  • CWE-331: CWE-331 Insufficient Entropy

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References