First published: Thu May 18 2023
Compiler removal of buffer clearing in sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
Credit: product-security@silabs.com
Affected Software | Affected Version | How to fix |
---|---|---|
Silabs Gecko Software Development Kit | <=4.2.1 | |
The vulnerability ID for this issue is CVE-2023-32099.
The title of this vulnerability is 'Compiler removal of buffer clearing in sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.'
The severity of CVE-2023-32099 is high with a CVSS score of 7.5.
Silicon Labs Gecko Platform SDK versions up to and including 4.2.1 are affected by CVE-2023-32099.
To fix CVE-2023-32099, update to a version of Silicon Labs Gecko Platform SDK later than 4.2.1.
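
The failure mode named in the description, a buffer clear that the compiler removes, shown as a constructed C illustration beside a hardened form. This is an added example, not code from the Gecko SDK or from Silicon Labs; `toy_sign`, `secure_zero`, `sign_hash_weak`, `sign_hash_hardened` and `KEY_LEN` are hypothetical names, and the XOR "signature" is a placeholder.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 32 /* constructed size, not taken from the SDK */

/* Hypothetical stand-in for the signing step; the XOR is a placeholder. */
static void toy_sign(const uint8_t *key, const uint8_t *hash, uint8_t *sig) {
    for (size_t i = 0; i < KEY_LEN; i++)
        sig[i] = key[i] ^ hash[i];
}

/* Mainstream compilers treat stores through a volatile-qualified pointer as
 * observable, so they are kept even when the buffer is never read again. */
void secure_zero(void *p, size_t n) {
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--)
        *vp++ = 0;
}

/* Weak pattern: tmp_key is dead after toy_sign(), so an optimizing compiler
 * may remove the memset as a dead store, leaving the key copy in stack RAM
 * after the function returns. */
int sign_hash_weak(const uint8_t *key, const uint8_t *hash, uint8_t *sig) {
    uint8_t tmp_key[KEY_LEN];
    memcpy(tmp_key, key, KEY_LEN);
    toy_sign(tmp_key, hash, sig);
    memset(tmp_key, 0, KEY_LEN); /* may be eliminated when optimizing */
    return 0;
}

/* Hardened pattern: same flow, but the clear survives optimization. */
int sign_hash_hardened(const uint8_t *key, const uint8_t *hash, uint8_t *sig) {
    uint8_t tmp_key[KEY_LEN];
    memcpy(tmp_key, key, KEY_LEN);
    toy_sign(tmp_key, hash, sig);
    secure_zero(tmp_key, KEY_LEN);
    return 0;
}

int main(void) {
    uint8_t key[KEY_LEN], hash[KEY_LEN], sig[KEY_LEN];
    memset(key, 0xA5, KEY_LEN);  /* constructed sample key */
    memset(hash, 0x3C, KEY_LEN); /* constructed sample hash */
    sign_hash_hardened(key, hash, sig);
    printf("sig[0] = 0x%02x\n", sig[0]);
    return 0;
}
```

Where the toolchain provides them, `memset_s` (C11 Annex K) or `explicit_bzero` serve the same purpose as the volatile loop.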