{ "id": "CVE-2023-41097", "sourceIdentifier": "product-security@silabs.com", "published": "2023-12-21T21:15:08.020", "lastModified": "2023-12-22T12:18:32.690", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0.\n\n" }, { "lang": "es", "value": "Una discrepancia de tiempo observable, vulnerabilidad de canal de tiempo oculto en Silabs GSDK en ARM potencialmente permite un ataque de Padding Oracle Crypto en CBC PKCS7. Este problema afecta a GSDK: hasta 4.4.0." } ], "metrics": { "cvssMetricV31": [ { "source": "product-security@silabs.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 0.9, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "product-security@silabs.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-208" }, { "lang": "en", "value": "CWE-385" } ] } ], "references": [ { "url": "https://github.com/SiliconLabs/gecko_sdk/releases", "source": "product-security@silabs.com" }, { "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm0000007rArIAI?operationContext=S1", "source": "product-security@silabs.com" } ] }