Описание
TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0.
Ссылки
- Permissions Required
- Permissions Required
Уязвимые конфигурации
Конфигурация 1Версия до 4.4.0 (включая)
cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:*
EPSS
Процентиль: 21%
0.00067
Низкий
6.8 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-331
CWE-331
Связанные уязвимости
CVSS3: 6.8
github
почти 2 года назад
TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0.
EPSS
Процентиль: 21%
0.00067
Низкий
6.8 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-331
CWE-331