CVE-2022-24936 - Out-of-bounds Write vulnerability in Silabs Gecko Bootloader 4.0.1
Metric | Value
---|---
Attack vector | NETWORK
Attack complexity | LOW
Privileges required | NONE
Confidentiality impact | NONE
Integrity impact | HIGH
Availability impact | HIGH

Summary
An out-of-bounds write in the GBL (Gecko Bootloader image format) parser of Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows an attacker to overwrite the flash signing key and the OTA decryption key by supplying a malicious bootloader upgrade image.
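The following is an added, self-contained illustration of the bug class named in the summary; it is not Silicon Labs code and does not reproduce the real GBL parser or the EFR32/EFM32 flash map. It models flash as a byte array in which a bootloader-upgrade staging area sits directly below the page holding the key material, parses a constructed tag-length-value record (the tag ID, region sizes and fill bytes are hypothetical), and contrasts a writer that bounds the copy only against the container it was read from with one that also bounds it against the destination region.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed flash layout (not the real part's map): the upgrade staging
 * area is immediately followed by the page holding the signing public key
 * and OTA decryption key that the bootloader is supposed to protect. */
#define BTL_UPGRADE_OFFSET 0u
#define BTL_UPGRADE_SIZE   64u
#define KEY_STORAGE_OFFSET (BTL_UPGRADE_OFFSET + BTL_UPGRADE_SIZE)
#define KEY_STORAGE_SIZE   32u
#define FLASH_SIZE         (BTL_UPGRADE_SIZE + KEY_STORAGE_SIZE)
#define TLV_HEADER_SIZE    8u
#define KEY_FILL           0xA5u        /* stands in for real key bytes   */
#define UPGRADE_TAG        0xB00710ADu  /* hypothetical tag, not a GBL ID */

static uint8_t flash[FLASH_SIZE];

/* Erase the simulated flash and reinstall the key page. */
void flash_reset(void)
{
    memset(flash, 0xFF, sizeof flash);
    memset(flash + KEY_STORAGE_OFFSET, KEY_FILL, KEY_STORAGE_SIZE);
}

/* True while no byte of the key page has been touched. */
bool keys_intact(void)
{
    for (size_t i = 0; i < KEY_STORAGE_SIZE; i++) {
        if (flash[KEY_STORAGE_OFFSET + i] != KEY_FILL) return false;
    }
    return true;
}

/* One record of a GBL-style container: 4-byte little-endian tag,
 * 4-byte little-endian length, then the data bytes. */
typedef struct {
    uint32_t tag;
    uint32_t len;
    const uint8_t *data;
} tlv_t;

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Parses one record, checking only that it fits inside its container. */
static bool tlv_read(const uint8_t *blob, size_t blob_len, tlv_t *out)
{
    if (blob_len < TLV_HEADER_SIZE) return false;
    out->tag = rd32(blob);
    out->len = rd32(blob + 4);
    if (out->len > blob_len - TLV_HEADER_SIZE) return false;
    out->data = blob + TLV_HEADER_SIZE;
    return out->tag == UPGRADE_TAG;
}

/* Vulnerable pattern: the container-level check passed, so the data is
 * copied with the image-supplied length. Nothing compares that length with
 * the destination region, so an oversized record runs off the end of the
 * staging area and into the key page. */
int write_upgrade_unchecked(const uint8_t *blob, size_t blob_len)
{
    tlv_t t;
    if (!tlv_read(blob, blob_len, &t)) return -1;
    if (t.len > FLASH_SIZE) return -1;  /* keeps the simulation in-bounds only */
    memcpy(flash + BTL_UPGRADE_OFFSET, t.data, t.len);
    return 0;
}

/* Hardened pattern: bound the write against the destination region before
 * touching flash. Testing the length alone (not offset + length) also avoids
 * a 32-bit wrap inside the check itself. */
int write_upgrade_checked(const uint8_t *blob, size_t blob_len)
{
    tlv_t t;
    if (!tlv_read(blob, blob_len, &t)) return -1;
    if (t.len > BTL_UPGRADE_SIZE) return -2;
    memcpy(flash + BTL_UPGRADE_OFFSET, t.data, t.len);
    return 0;
}

/* Builds a constructed upgrade record whose payload is payload_len bytes
 * of 0x42. Returns the record size, or 0 if it does not fit in out. */
size_t build_upgrade(uint8_t *out, size_t cap, uint32_t payload_len)
{
    if (cap < TLV_HEADER_SIZE || payload_len > cap - TLV_HEADER_SIZE) return 0;
    for (int i = 0; i < 4; i++) {
        out[i]     = (uint8_t)(UPGRADE_TAG >> (8 * i));
        out[4 + i] = (uint8_t)(payload_len >> (8 * i));
    }
    memset(out + TLV_HEADER_SIZE, 0x42, payload_len);
    return TLV_HEADER_SIZE + payload_len;
}

/* Runs one upgrade attempt against fresh flash and reports whether the key
 * page survived; rc_out (may be 0) receives the writer's status code. */
bool upgrade_keeps_keys(uint32_t payload_len, bool hardened, int *rc_out)
{
    uint8_t blob[128];
    size_t n = build_upgrade(blob, sizeof blob, payload_len);
    flash_reset();
    int rc = hardened ? write_upgrade_checked(blob, n)
                      : write_upgrade_unchecked(blob, n);
    if (rc_out) *rc_out = rc;
    return keys_intact();
}

int main(void)
{
    /* 80-byte payload: 16 bytes longer than the staging area. */
    printf("unchecked writer, keys intact: %d\n", upgrade_keeps_keys(80, false, 0));
    printf("checked writer,   keys intact: %d\n", upgrade_keeps_keys(80, true, 0));
    return 0;
}
```

The point of the contrast is where the bound comes from: the only size the vulnerable path trusts is the one carried inside the attacker-supplied image, so a well-formed container is enough to steer the copy past the staging area. The real fix has to compare against the physical region the bootloader will program, using arithmetic that cannot wrap.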
Vulnerable Configurations

Part | Description | Count
---|---|---
Application | | 2
Common Weakness Enumeration (CWE)
References
- https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Gdop4QAB?operationContext=S1
- https://github.com/SiliconLabs/gecko_sdk/blame/2e82050dc8823c9fe0e8908c1b2666fb83056230/platform/bootloader/core/btl_bootload.c