CVE-2023-51392
Silicon Labs EFR32xxx parts with classic key storage do not use hardware accelerated AES-CCM
In short
Silicon Labs Ember ZNet devices used slower software encryption instead of the device's built-in hardware security features, making them vulnerable to attacks that analyze power consumption and electromagnetic signals during encryption.
Technical detail
Ember ZNet versions 7.2.0 through 7.4.0 failed to utilize hardware-accelerated AES-CCM, instead relying on software implementation. This increases susceptibility to side-channel attacks (electromagnetic analysis and differential power analysis) that exploit physical characteristics of the encryption process. The vulnerability affects classic key storage configurations on EFR32xxx parts.
Summary generated and translated by AI from the official description.
Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
silabs.com · Ember ZNet SDKWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →