CVE-2024-22473

CVSS V2 None CVSS V3 None

Description

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0.

Overview

CVE ID
CVE-2024-22473

Assigner
Silabs

Vulnerability Status
PUBLISHED

Published Version
2024-02-21T18:13:10.241Z

Last Modified Date
2024-02-21T18:13:10.241Z

Weakness Enumerations

CWE	URL
CWE-908	http://cwe.mitre.org/data/definitions/908.html
CWE-330	http://cwe.mitre.org/data/definitions/330.html
CWE-338	http://cwe.mitre.org/data/definitions/338.html

References

Reference URL	Reference Tags
https://community.silabs.com/068Vm000001FrjT

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-22473
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22473

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 09:29:24				Added to TrackCVE