CVE-2024-22473— Uninitialized TRNG used for ECDSA after EM2/EM3 sleep for VSE devices
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-22473
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Uninitialized TRNG used for ECDSA after EM2/EM3 sleep for VSE devices
Source: NVD (National Vulnerability Database)
Vulnerability Description
TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1279
Source: NVD (National Vulnerability Database)
Vulnerability Title
Silicon Labs Gecko SDK 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Silicon Labs Gecko SDK(GSDK)是Silicon Labs开源的一个库。将 Silicon Labs 无线软件开发工具包(SDK)和 Gecko 平台结合为一个集成的软件包。 Silicon Labs Gecko SDK v4.4.0及之前版本存在安全漏洞,该漏洞源于可能允许通过密钥重新创建进行签名欺骗。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| silabs.com | GSDK | 0 ~ 4.4.0 | - |
II. Public POCs for CVE-2024-22473
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-22473
请登录查看更多情报信息。
Same Patch Batch · silabs.com · 2024-02-21 · 3 CVEs total
| CVE-2023-6533 | 6.5 MEDIUM | Silicon Labs PC Controller Denial of Service Vulnerability |
| CVE-2023-6640 | 6.5 MEDIUM | Silicon Labs PC Controller v5.54.0 and Earlier Denial of Service Vulnerability |
IV. Related Vulnerabilities
Same product: GSDK
- CVE-2024-0240
Silicon Labs EFR32 Bluetooth stack denial of service when se - CVE-2023-6874
Zigbee Unauthenticated DoS via NWK Sequence number manipulat - CVE-2023-6387
Incorrect buffer parsing in Bluetooth LE sample code may lea - CVE-2023-5138
Glitch detection not active by default in Silicon Labs Secur - CVE-2023-4280
Unvalidated input in Silicon Labs TrustZone implementation l
Same vendor: silabs.com
- CVE-2025-11571
Command Execution vulnerability in Simplicity Installer - CVE-2025-14055
Integer underflow in Secure NCP host - CVE-2025-14547
ECJ-PAKE Integer Underflow Vulnerability in Silicon Labs PSA - CVE-2026-0619
Integer Wraparound DoS in Silicon Labs Matter Implementation - CVE-2025-11004
Reflected XSS vulnerability in Simplicity Device Manager too
V. Comments for CVE-2024-22473
No comments yet