CVE-2022-24936

Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Gdop4QAB?operationContext=S1	Permissions Required Vendor Advisory
https://github.com/SiliconLabs/gecko_sdk/blame/2e82050dc8823c9fe0e8908c1b2666fb83056230/platform/bootloader/core/btl_bootload.c	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:silabs:gecko_bootloader:*:*:*:*:*:*:*:*

History

03 Nov 2022, 16:41

Type	Values Removed	Values Added
References	~~(MISC) https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Gdop4QAB?operationContext=S1 -~~	(MISC) https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Gdop4QAB?operationContext=S1 - Permissions Required, Vendor Advisory
References	~~(MISC) https://github.com/SiliconLabs/gecko_sdk/blame/2e82050dc8823c9fe0e8908c1b2666fb83056230/platform/bootloader/core/btl_bootload.c -~~	(MISC) https://github.com/SiliconLabs/gecko_sdk/blame/2e82050dc8823c9fe0e8908c1b2666fb83056230/platform/bootloader/core/btl_bootload.c - Exploit, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.1
CPE		cpe:2.3:a:silabs:gecko_bootloader::::::::
CWE		CWE-787

02 Nov 2022, 19:02

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-11-02 18:15

Updated : 2024-02-04 22:51

NVD link : CVE-2022-24936

Mitre link : CVE-2022-24936

CVE.ORG link : CVE-2022-24936

JSON object : View

Products Affected

silabs

gecko_bootloader

CWE

CWE-787

Out-of-bounds Write

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2022-24936", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "product-security@silabs.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 5.5, "exploitabilityScore": 2.8}]}, "published": "2022-11-02T18:15:10.470", "references": [{"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Gdop4QAB?operationContext=S1", "tags": ["Permissions Required", "Vendor Advisory"], "source": "product-security@silabs.com"}, {"url": "https://github.com/SiliconLabs/gecko_sdk/blame/2e82050dc8823c9fe0e8908c1b2666fb83056230/platform/bootloader/core/btl_bootload.c", "tags": ["Exploit", "Third Party Advisory"], "source": "product-security@silabs.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "product-security@silabs.com", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade."}, {"lang": "es", "value": "El error fuera de l\u00edmites en el analizador GBL en Silicon Labs Gecko Bootloader versi\u00f3n 4.0.1 y anteriores permite al atacante sobrescribir la clave de firma flash y la clave de descifrado OTA mediante una actualizaci\u00f3n maliciosa del gestor de arranque."}], "lastModified": "2022-11-03T16:41:30.327", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:silabs:gecko_bootloader:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05C71F13-1B46-4919-AD6F-B63BE2A3430A", "versionEndIncluding": "4.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@silabs.com"}