Sisdk
Monthly
Improper bounds validation in Silicon Labs EmberZNet SDK versions 9.0.2 and earlier exposes Zigbee-connected devices to crashes and dynamic memory leakage via network-reachable input. Authenticated network attackers can trigger the flaw with low complexity, resulting in denial-of-service conditions or unintended disclosure of heap contents. No public exploit has been identified at time of analysis, and a vendor patch is available via the SISDK GitHub release repository.
Predictable cryptographic key generation in Silicon Labs EFR32xG27 wireless SoCs stems from incorrect use of the on-chip PUF (Physical Unclonable Function) when deriving user keys, allowing an adjacent attacker to anticipate or reconstruct keys that should be unique and secret. Affected firmware built with the Silicon Labs SiSDK loses the confidentiality and authentication guarantees of derived keys. No public exploit identified at time of analysis; the issue was self-reported by Silicon Labs and a vendor patch is available.
Improper bounds validation in Silicon Labs EmberZNet SDK versions 9.0.2 and earlier exposes Zigbee-connected devices to crashes and dynamic memory leakage via network-reachable input. Authenticated network attackers can trigger the flaw with low complexity, resulting in denial-of-service conditions or unintended disclosure of heap contents. No public exploit has been identified at time of analysis, and a vendor patch is available via the SISDK GitHub release repository.
Predictable cryptographic key generation in Silicon Labs EFR32xG27 wireless SoCs stems from incorrect use of the on-chip PUF (Physical Unclonable Function) when deriving user keys, allowing an adjacent attacker to anticipate or reconstruct keys that should be unique and secret. Affected firmware built with the Silicon Labs SiSDK loses the confidentiality and authentication guarantees of derived keys. No public exploit identified at time of analysis; the issue was self-reported by Silicon Labs and a vendor patch is available.