TRNG Initialization Vulnerability in ECDSA Signing Driver on VSE Devices

TRNG Initialization Vulnerability in ECDSA Signing Driver on VSE Devices

CVE-2024-22473 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0.

Learn more about our Web Application Penetration Testing UK.