CVE-2024-2502 Vulnerability Details

  /     /     /  

CVE-2024-2502 Metadata Quick Info

CVE Published: 29/08/2024 | CVE Updated: 30/08/2024 | CVE Year: 2024
Source: Silabs | Vendor: silabs.com | Product: SE Firmware
Status : PUBLISHED

---

CVE-2024-2502 Description

An application can be configured to block boot attempts after consecutive tamper resets are detected, which may not occur as expected. This is possible because the TAMPERRSTCAUSE register may not be properly updated when a level 4 tamper event (a tamper reset) occurs. This impacts Series 2 HSE-SVH devices, including xG23B, xG24B, xG25B, and xG28B, but does not impact xG21B. To mitigate this issue, upgrade to SE Firmware version 2.2.6 or later.

Metrics

CVSS Version: 3.1 | Base Score: 2 LOW
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* PHYSICAL
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* LOW
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-754
CWE Name: CWE-754 Improper Check for Unusual or Exceptional Conditions
Source: silabs.com

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-440
CAPEC Description: CAPEC-440 Hardware Integrity Attack


Source: NVD (National Vulnerability Database).