CVE-2023-0775 – This vulnerability in Silicon Labs Gecko SDK Bl... (How to Fix)

Q: What is the severity of CVE-2023-0775?

CVE-2023-0775 has a CVSS score of 6.5 (MEDIUM). This vulnerability in Silicon Labs Gecko SDK Bluetooth LE stack allows an attacker to send a malformed 'prepare write request' command that causes memory exhaustion, leading to denial-of-service by preventing new Bluetooth connections. It affects devices using vulnerable versions of the Gecko SDK Bluetooth stack. The impact is limited to Bluetooth functionality disruption.

📋 TL;DR

This vulnerability in Silicon Labs Gecko SDK Bluetooth LE stack allows an attacker to send a malformed 'prepare write request' command that causes memory exhaustion, leading to denial-of-service by preventing new Bluetooth connections. It affects devices using vulnerable versions of the Gecko SDK Bluetooth stack. The impact is limited to Bluetooth functionality disruption.

💻 Affected Systems

Products:

Silicon Labs Gecko SDK Bluetooth LE stack

Versions: Gecko SDK versions prior to 4.3.0

Operating Systems: Any OS using affected Gecko SDK Bluetooth stack

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with Bluetooth LE enabled using vulnerable Gecko SDK versions. Requires Bluetooth stack to be active and accessible.

📦 What is this software?

Gecko Software Development Kit by Silabs

View all CVEs affecting Gecko Software Development Kit →

Gecko Software Development Kit by Silabs

View all CVEs affecting Gecko Software Development Kit →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete denial of Bluetooth services on affected devices, requiring physical reset or power cycle to restore functionality.

🟠

Likely Case

Temporary Bluetooth service disruption until system restarts or memory is cleared, affecting device connectivity.

🟢

If Mitigated

Minimal impact with proper network segmentation and Bluetooth access controls limiting attacker proximity.

🌐 Internet-Facing: LOW - Requires physical proximity or network access to Bluetooth interface, not directly internet exploitable.

🏢 Internal Only: MEDIUM - Internal attackers with Bluetooth access could disrupt device connectivity within range.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires sending malformed Bluetooth packets to vulnerable devices within Bluetooth range. No authentication needed for Bluetooth connection attempts.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Gecko SDK 4.3.0 and later

Vendor Advisory: https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000SMMyGQAX?operationContext=S1

Restart Required: Yes

Instructions:

1. Update to Gecko SDK 4.3.0 or later. 2. Rebuild and redeploy firmware for affected devices. 3. Restart devices to apply updated firmware.

🔧 Temporary Workarounds

Disable Bluetooth LE when not needed

all

Turn off Bluetooth LE functionality to prevent exploitation

Device-specific Bluetooth disable commands

Implement Bluetooth access controls

all

Restrict Bluetooth connections to trusted devices only

Configure Bluetooth pairing/connection policies

🧯 If You Can't Patch

Segment network to limit Bluetooth device exposure to untrusted networks
Implement physical security controls to limit attacker proximity to Bluetooth devices

🔍 How to Verify

Check if Vulnerable:

Check Gecko SDK version in device firmware. If version is below 4.3.0 and Bluetooth LE is enabled, device is vulnerable.

Check Version:

Device-specific command to check firmware/Gecko SDK version (varies by implementation)

Verify Fix Applied:

Confirm Gecko SDK version is 4.3.0 or later and test Bluetooth connectivity under normal and stress conditions.

📡 Detection & Monitoring

Log Indicators:

Bluetooth stack memory allocation failures
Bluetooth connection failures after specific command patterns
Bluetooth service crashes/restarts

Network Indicators:

Unusual Bluetooth packet patterns with malformed prepare write requests
Sudden drop in Bluetooth connectivity

SIEM Query:

Search for Bluetooth stack error messages containing 'memory', 'allocation', or 'prepare write' in device logs

📊 Metadata

CVE ID: CVE-2023-0775

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-20

Published: March 28, 2023

Last Updated: November 21, 2024

🔗 References

https://github.com/SiliconLabs/gecko_sdk Product
https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000SMMyGQAX?operationContext=S1 Permissions Required
https://github.com/SiliconLabs/gecko_sdk Product
https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000SMMyGQAX?operationContext=S1 Permissions Required

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-0775, you might also want to check these: