CVE-2023-41093

Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network.This issue affects Silabs Bluetooth SDK: through 8.0.0.

CVSS v3 3.1 LOW

3.1^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.6 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://community.silabs.com/068Vm000007v4HP	Permissions Required
https://community.silabs.com/068Vm000007v4HP	Permissions Required

Configurations

Configuration 1 (hide)

cpe:2.3:a:silabs:bluetooth_low_energy_software_development_kit:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:20

Type	Values Removed	Values Added
References	~~() https://community.silabs.com/068Vm000007v4HP - Permissions Required~~	() https://community.silabs.com/068Vm000007v4HP - Permissions Required

10 Sep 2024, 16:19

Type	Values Removed	Values Added
References	~~() https://community.silabs.com/068Vm000007v4HP -~~	() https://community.silabs.com/068Vm000007v4HP - Permissions Required
CPE		cpe:2.3:a:silabs:bluetooth_low_energy_software_development_kit::::::::
First Time		Silabs Silabs bluetooth Low Energy Software Development Kit

15 Jul 2024, 13:00

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de Use After Free en el SDK Bluetooth de Silicon Labs en 32 bits, ARM puede permitir que un atacante con capacidades de sincronización precisa intercepte una pequeña cantidad de paquetes destinados a un destinatario que ha abandonado la red. Este problema afecta al SDK Bluetooth de Silabs: hasta 8.0.0.

12 Jul 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-12 20:15

Updated : 2024-11-21 08:20

NVD link : CVE-2023-41093

Mitre link : CVE-2023-41093

CVE.ORG link : CVE-2023-41093

JSON object : View

Products Affected

silabs

bluetooth_low_energy_software_development_kit

CWE

CWE-416

Use After Free

{"id": "CVE-2023-41093", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "product-security@silabs.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.6}]}, "published": "2024-07-12T20:15:02.380", "references": [{"url": "https://community.silabs.com/068Vm000007v4HP", "tags": ["Permissions Required"], "source": "product-security@silabs.com"}, {"url": "https://community.silabs.com/068Vm000007v4HP", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Undergoing Analysis", "weaknesses": [{"type": "Secondary", "source": "product-security@silabs.com", "description": [{"lang": "en", "value": "CWE-416"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network.This issue affects Silabs Bluetooth SDK: through 8.0.0."}, {"lang": "es", "value": "Vulnerabilidad de Use After Free en el SDK Bluetooth de Silicon Labs en 32 bits, ARM puede permitir que un atacante con capacidades de sincronizaci\u00f3n precisa intercepte una peque\u00f1a cantidad de paquetes destinados a un destinatario que ha abandonado la red. Este problema afecta al SDK Bluetooth de Silabs: hasta 8.0.0."}], "lastModified": "2024-11-21T08:20:33.030", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:silabs:bluetooth_low_energy_software_development_kit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC0BCCD2-AFFE-4CA7-AE75-E2E4B4C1D9C5", "versionEndIncluding": "8.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@silabs.com"}