TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0.
History

Fri, 27 Sep 2024 17:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-330
CWE-338
CWE-908

Fri, 27 Sep 2024 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 27 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
Description TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0. TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0.
Weaknesses CWE-1279
CWE-331

cve-icon MITRE

Status: PUBLISHED

Assigner: Silabs

Published: 2024-02-21T18:13:10.241Z

Updated: 2024-09-27T16:06:44.910Z

Reserved: 2024-01-10T19:20:24.393Z

Link: CVE-2024-22473

cve-icon Vulnrichment

Updated: 2024-08-01T22:51:09.859Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-02-21T19:15:08.813

Modified: 2024-11-21T08:56:20.573

Link: CVE-2024-22473

cve-icon Redhat

No data.