CVE-2024-12975 LOW

CVE-2024-12975: Silicon Labs CPC can leak information in full duplex SPI

Vendor Silicon Labs
Product Simplicity SDK
Weakness CWE-126
Published March 7, 2025
Last update September 16, 2025

CVSS base score

1.0/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A buffer overread can occur in the CPC application when operating in full duplex SPI upon receiving an invalid packet over the SPI interface.

Key dates

02Disclosure timeline

March 7, 2025 CVE published
September 16, 2025 Record updated