CVE Vulnerabilities

CVE-2023-32100

Compiler Removal of Code to Clear Buffers

Published: May 18, 2023 | Modified: Nov 21, 2024
CVSS 3.x: 7.5 HIGH (Source: NVD)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Compiler removal of buffer clearing in sli_se_driver_mac_compute in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

Weakness

Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka “dead store removal.”
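The pattern described above, as an added C example that is not Silicon Labs' code: a temporary key copy cleared with a plain memset (removable as a dead store) beside a version cleared through a volatile pointer. The names toy_mac, secure_wipe, mac_compute_weak and mac_compute_hardened are hypothetical, and toy_mac is a placeholder checksum, not a real MAC.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Placeholder keyed checksum (FNV-1a over key then message).
 * Hypothetical stand-in for a real MAC; NOT cryptographically secure. */
static uint32_t toy_mac(const uint8_t *key, size_t klen,
                        const uint8_t *msg, size_t mlen)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < klen; i++) { h ^= key[i]; h *= 16777619u; }
    for (size_t i = 0; i < mlen; i++) { h ^= msg[i]; h *= 16777619u; }
    return h;
}

/* Clear through a volatile-qualified pointer. Mainstream compilers keep
 * stores made this way even when the buffer is never read again. */
static void secure_wipe(void *buf, size_t len)
{
    volatile uint8_t *p = (volatile uint8_t *)buf;
    while (len--) *p++ = 0;
}

/* Weak: tmp_key is never read after toy_mac(), so an optimizing compiler
 * may delete the memset and leave the key copy in stack RAM. */
uint32_t mac_compute_weak(const uint8_t key[16], const uint8_t *msg, size_t mlen)
{
    uint8_t tmp_key[16];
    memcpy(tmp_key, key, sizeof tmp_key);
    uint32_t tag = toy_mac(tmp_key, sizeof tmp_key, msg, mlen);
    memset(tmp_key, 0, sizeof tmp_key);   /* candidate for dead store removal */
    return tag;
}

/* Hardened: identical logic, but the clear goes through secure_wipe(). */
uint32_t mac_compute_hardened(const uint8_t key[16], const uint8_t *msg, size_t mlen)
{
    uint8_t tmp_key[16];
    memcpy(tmp_key, key, sizeof tmp_key);
    uint32_t tag = toy_mac(tmp_key, sizeof tmp_key, msg, mlen);
    secure_wipe(tmp_key, sizeof tmp_key);
    return tag;
}
```

Where the toolchain provides them, memset_s (C11 Annex K) or explicit_bzero serve the same purpose as secure_wipe. Whether the clear survived can be checked by inspecting the optimized disassembly of the function for the zeroing stores.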

Affected Software

Name Vendor Start Version End Version
Gecko_software_development_kit Silabs * 4.2.1 (including)

Extended Description

This compiler optimization error occurs when:

Potential Mitigations

References