CVE-2024-22473 MEDIUM

CVE-2024-22473: Uninitialized TRNG used for ECDSA after EM2/EM3 sleep for VSE devices

Vendor: Silabs.com
Product: GSDK
Weakness: CWE-1279
Published: February 21, 2024
Last update: September 27, 2024

CVSS base score

6.8/10
Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality: None
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

What the vulnerability does

01 Description

The TRNG is used before initialization by the ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation. This issue affects Gecko SDK through v4.4.0.

Key dates

02 Disclosure timeline

February 21, 2024: CVE published
September 27, 2024: Record updated