TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0.
2024-02-21T19:15:08.813
2025-02-12T16:52:42.397
Analyzed
CVSSv3.1: 6.8 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | silabs | gecko_software_development_kit | ≤ 4.4.0 | Yes |