CVE-2022-24936

Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade.
Configurations

Configuration 1 (hide)

cpe:2.3:a:silabs:gecko_bootloader:*:*:*:*:*:*:*:*

History

03 Nov 2022, 16:41

Type Values Removed Values Added
References (MISC) https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Gdop4QAB?operationContext=S1 - (MISC) https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Gdop4QAB?operationContext=S1 - Permissions Required, Vendor Advisory
References (MISC) https://github.com/SiliconLabs/gecko_sdk/blame/2e82050dc8823c9fe0e8908c1b2666fb83056230/platform/bootloader/core/btl_bootload.c - (MISC) https://github.com/SiliconLabs/gecko_sdk/blame/2e82050dc8823c9fe0e8908c1b2666fb83056230/platform/bootloader/core/btl_bootload.c - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.1
CPE cpe:2.3:a:silabs:gecko_bootloader:*:*:*:*:*:*:*:*
CWE CWE-787

02 Nov 2022, 19:02

Type Values Removed Values Added
New CVE

Information

Published : 2022-11-02 18:15

Updated : 2024-02-04 22:51


NVD link : CVE-2022-24936

Mitre link : CVE-2022-24936

CVE.ORG link : CVE-2022-24936


JSON object : View

Products Affected

silabs

  • gecko_bootloader
CWE
CWE-787

Out-of-bounds Write

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer