CVE-2023-3487

7.7 HIGH

📋 TL;DR

An integer overflow vulnerability in Silicon Labs Gecko Bootloader versions 4.3.1 and earlier allows attackers to access memory beyond allocated boundaries when reading from or writing to storage slots. This affects devices using vulnerable Gecko SDK versions, potentially enabling arbitrary code execution or data corruption. Embedded systems and IoT devices with these bootloaders are at risk.

💻 Affected Systems

Products:
  • Silicon Labs Gecko Bootloader
Versions: 4.3.1 and earlier
Operating Systems: Embedded systems using Gecko SDK
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices using Gecko SDK with vulnerable bootloader versions; specific device models depend on SDK integration.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete device compromise, persistent malware installation, or bricking of devices.

🟠 Likely Case

Memory corruption causing device crashes, data corruption in storage slots, or denial of service.

🟢 If Mitigated

Limited impact with proper memory protections and access controls, potentially only causing isolated crashes.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires access to bootloader functions; may be chained with other vulnerabilities for remote attacks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Gecko SDK 4.4.0 or later

Vendor Advisory: https://community.silabs.com/s/contentdocument/0698Y00000ZmXqLQAV

Restart Required: Yes

Instructions:

1. Update to Gecko SDK 4.4.0 or later.
2. Recompile and flash firmware with the patched bootloader.
3. Verify the bootloader version after the update.

🔧 Temporary Workarounds

Disable unnecessary storage slots (applies to: all)

Reduce attack surface by disabling unused storage slots in the bootloader configuration: modify the bootloader configuration to set unused slots to read-only or disable them.

🧯 If You Can't Patch

  • Implement strict access controls to limit bootloader access to trusted entities only.
  • Monitor device logs for abnormal bootloader activity or memory access errors.

🔍 How to Verify

Check if Vulnerable:

Check bootloader version in device firmware; if version is 4.3.1 or earlier, it is vulnerable.

Check Version:

Use device-specific commands to query bootloader version (e.g., through debug interface or firmware tools).

Verify Fix Applied:

Verify bootloader version is 4.4.0 or later after update.

📡 Detection & Monitoring

Log Indicators:

  • Bootloader error messages related to memory access
  • Unexpected reboots or crashes during storage operations

Network Indicators:

  • Unusual network traffic to/from device during boot sequences

SIEM Query:

Search for logs containing 'bootloader' AND ('error' OR 'crash') from affected devices.
