CVE-2024-22473

EPSS 0.07%
Veröffentlicht 21.02.2024 19:15:08
Zuletzt bearbeitet 12.02.2025 16:52:42
Quelle product-security@silabs.com
Teams Watchlist Login
Unerledigt Login

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Silabs ≫ Gecko Software Development Kit Version <= 4.4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.21

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
product-security@silabs.com	6.8	2.2	4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

CWE-1279 Cryptographic Operations are run Before Supporting Units are Ready

Performing cryptographic operations without ensuring that the supporting inputs are ready to supply valid data may compromise the cryptographic result.

CWE-331 Insufficient Entropy

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

https://community.silabs.com/068Vm000001FrjT

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2024-22473

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-22473

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-22473

EUVD