CVE-2023-2747: Uninitialized IV in Silicon Labs SE FW v2.0.0 through v 2.2.1 for internally stored data
3.1
CVSS
Description
The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized.
Classification
CVE ID: CVE-2023-2747
CVSS Base Severity: LOW
CVSS Base Score: 3.1
Affected Products
Vendor: silabs.com
Product: GSDK
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 14.88% (scored less or equal to compared to others)
EPSS Date: 2025-02-03 (when was this score calculated)
References
https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sFvQAJ?operationContext=S1https://github.com/SiliconLabs/gecko_sdk