Vulnerability Description
Out-of-Bounds error in the GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows an attacker to overwrite the flash Sign key and OTA decryption key via a malicious bootloader upgrade.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Silabs | Gecko Bootloader | <= 4.0.1 |
Related Weaknesses (CWE)
References
- https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Gd (Permissions Required; Vendor Advisory)
- https://github.com/SiliconLabs/gecko_sdk/blame/2e82050dc8823c9fe0e8908c1b2666fb8 (Exploit; Third Party Advisory)
FAQ
What is CVE-2022-24936?
CVE-2022-24936 is a vulnerability with a CVSS score of 8.3 (HIGH). An Out-of-Bounds error in the GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows an attacker to overwrite the flash Sign key and OTA decryption key via a malicious bootloader upgrade.
How severe is CVE-2022-24936?
CVE-2022-24936 has been rated HIGH with a CVSS base score of 8.3/10. See the CVSS Score section above for the severity rating.
Is there a patch for CVE-2022-24936?
Check the vendor advisory in the References section above for patch information. Affected products include: Silabs Gecko Bootloader (versions 4.0.1 and earlier).