
cpe:2.3:a:silabs.com:gsdk:*:*:*:*:*:*:*:*

Part: a
Version: *
Update: *
Vendor: Silabs.Com (52225443-b468-5192-880f-63993491f517)
Product: Gsdk (5763d416-05a1-5c6e-8953-9e9ef282743e)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpe | Applicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2024-22473 vulnerable 2026-06-03 14:55:01.239523 Uninitialized TRNG used for ECDSA after EM2/EM3 sleep for VSE devices
MEDIUM (6.8)
TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation. This issue affects Gecko SDK through v4.4.0.
Published: 2024-02-21T18:13:10.241Z
Updated: 2024-09-27T16:06:44.910Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-0240 vulnerable 2026-06-03 14:54:01.955015 Silicon Labs EFR32 Bluetooth stack denial of service when sending notifications to multiple clients
MEDIUM (6.5)
A memory leak in Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients; this causes all Bluetooth operations, such as advertising and scanning, to stop.
Published: 2024-02-15T20:30:45.263Z
Updated: 2024-09-25T16:41:33.587Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-6874 vulnerable 2026-06-03 14:53:59.185963 Zigbee Unauthenticated DoS via NWK Sequence number manipulation
HIGH (7.5)
Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number.
Published: 2024-02-05T17:39:43.291Z
Updated: 2024-09-25T16:10:32.932Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-6387 vulnerable 2026-06-03 14:53:51.629206 Incorrect buffer parsing in Bluetooth LE sample code may lead to buffer overflow
HIGH (7.5)
A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution.
Published: 2024-02-02T15:18:13.169Z
Updated: 2025-05-15T19:50:07.897Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-5138 vulnerable 2026-06-03 14:53:47.759417 Glitch detection not active by default in Silicon Labs Secure Vault High devices
MEDIUM (6.8)
Glitch detection is not enabled by default for the Cortex-M33 core in Silicon Labs Secure Vault High parts EFx32xG2xB, except EFR32xG21B.
Published: 2024-01-03T22:31:04.433Z
Updated: 2025-06-03T14:43:09.428Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4280 vulnerable 2026-06-03 14:53:27.693534 Unvalidated input in Silicon Labs TrustZone implementation leads to accessing Trusted memory region
CRITICAL (9.3)
An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region.
Published: 2024-01-02T16:52:06.959Z
Updated: 2025-06-13T19:03:26.975Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4020 vulnerable 2026-06-03 14:53:26.938627 Unvalidated input in Silicon Labs PSA Attestation service leads to secure memory access from non-secure memory
CRITICAL (9)
An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory.
Published: 2023-12-15T20:37:20.123Z
Updated: 2024-09-26T14:11:59.084Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-41097 vulnerable 2026-06-03 14:52:51.039099 Potential Timing vulnerability in CBC PKCS7 padding calculations
MEDIUM (4.6)
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7. This issue affects GSDK: through 4.4.0.
Published: 2023-12-21T20:33:04.967Z
Updated: 2025-04-23T16:23:05.829Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-3487 vulnerable 2026-06-03 14:52:40.997582 Integer overflow in Silicon Labs Gecko Bootloader leads to unbounded memory access
HIGH (7.7)
An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots.
Published: 2023-10-20T14:12:44.805Z
Updated: 2024-09-25T15:47:54.946Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-3024 vulnerable 2026-06-03 14:52:39.727857 Bluetooth LE segmented 'prepare write response' packet may lead to out-of-bounds memory access
MEDIUM (5.9)
Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access.
Published: 2023-09-29T16:32:30.503Z
Updated: 2024-09-25T15:44:26.053Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-2747 vulnerable 2026-06-03 14:51:43.815556 Uninitialized IV in Silicon Labs SE FW v2.0.0 through v2.2.1 for internally stored data
LOW (3.1)
The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized.
Published: 2023-06-15T19:49:29.785Z
Updated: 2024-12-11T20:59:11.466Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-0775 vulnerable 2026-06-03 14:48:52.707425 Bluetooth LE Invalid prepare write request command leads to denial of service
MEDIUM (6.5)
An invalid ‘prepare write request’ command can cause the Bluetooth LE stack to run out of memory and become unable to handle subsequent connection requests, resulting in a denial-of-service.
Published: 2023-03-28T16:23:29.836Z
Updated: 2025-02-18T20:11:16.516Z
Imported from gcve-enriched-dumps CVE data
