CVE-2024-22473

EPSS 0.07%
Published 21.02.2024 19:15:08
Last modified 12.02.2025 16:52:42
Source product-security@silabs.com
Teams watchlist Login
Open Login

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Silabs ≫ Gecko Software Development Kit Version <= 4.4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.21

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
product-security@silabs.com	6.8	2.2	4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

CWE-1279 Cryptographic Operations are run Before Supporting Units are Ready

Performing cryptographic operations without ensuring that the supporting inputs are ready to supply valid data may compromise the cryptographic result.

CWE-331 Insufficient Entropy

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

https://community.silabs.com/068Vm000001FrjT

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2024-22473

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-22473

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-22473

EUVD