exploitDog

GHSA-xhg6-78jc-3cwf

Опубликовано: 21 фев. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 6.8

Описание

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0.

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0.

Ссылки

EPSS

Процентиль: 21%

0.00067

Низкий

6.8 Medium

CVSS3

CVE ID

Дефекты

CWE-1279

CWE-330

CWE-331

Связанные уязвимости

CVE-2024-22473

CVSS3: 6.8

nvd

почти 2 года назад

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0.

EPSS

Процентиль: 21%

0.00067

Низкий

6.8 Medium

CVSS3

CVE ID

Дефекты

CWE-1279

CWE-330

CWE-331