TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://community.silabs.com/068Vm000001FrjT |
History
Fri, 27 Sep 2024 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-330 CWE-338 CWE-908 |
Fri, 27 Sep 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 27 Sep 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0. | TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0. |
Weaknesses | CWE-1279 CWE-331 |
MITRE
Status: PUBLISHED
Assigner: Silabs
Published: 2024-02-21T18:13:10.241Z
Updated: 2024-09-27T16:06:44.910Z
Reserved: 2024-01-10T19:20:24.393Z
Link: CVE-2024-22473
Vulnrichment
Updated: 2024-08-01T22:51:09.859Z
NVD
Status : Awaiting Analysis
Published: 2024-02-21T19:15:08.813
Modified: 2024-11-21T08:56:20.573
Link: CVE-2024-22473
Redhat
No data.