CVE-2024-0240 MEDIUM

CVE-2024-0240: Silicon Labs EFR32 Bluetooth stack denial of service when sending notifications to multiple clients

Vendor Silabs.com
Product GSDK
Weakness CWE-401
Published February 15, 2024
Last update September 25, 2024

CVSS base score

6.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

A memory leak in the Silicon Labs Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients. This causes all Bluetooth operations, such as advertising and scanning, to stop.

Key dates

02 Disclosure timeline

February 15, 2024 CVE published
September 25, 2024 Record updated