Silicon Labs SiWx91x Buffer Overflow Vulnerability in Wi-Fi and Bluetooth APIs

Vulnerability

The Silicon Labs SiWx91x Wi-Fi 6 and Bluetooth Low Energy SDK (WiSeConnect 3), version 3.5.0 and earlier, contains a buffer overflow. Certain Wi-Fi and Bluetooth communication APIs write into caller-supplied output buffers without first validating the size of those buffers, so a response larger than the buffer the application provided overruns it and corrupts adjacent memory in the host application running on the Cortex-M4 processor. Affected components include the Wi-Fi network stack, the Bluetooth LE functionality and the SiWx91x platform APIs.

Impact

Exploitation of this vulnerability could cause data corruption in host applications running on the Cortex-M4 processor. The advisory describes the consequence as data corruption; because the overrun writes past the end of a buffer the application owns, whatever the application keeps next to that buffer is what gets overwritten.

Reproduction

The vulnerability is triggered by calling one of the affected APIs from an application built against SiWx91x Wi-Fi 6 and Bluetooth Low Energy SDK version 3.5.0 or earlier, with an output buffer smaller than the data the API returns. The affected APIs belong to the Wi-Fi and Bluetooth components of the SDK, which Silicon Labs publishes on its GitHub repository. Because these APIs do not check the size of the output buffer before writing to it, the returned data overruns the buffer and corrupts the memory that follows it.
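The following C program is an added illustration of the failure mode described above and of the check that fixes it; it is not code from the SiWx91x SDK, and every name in it (the demo_* functions, the response struct, the 20-byte payload) is invented for the example. The unchecked variant copies a response whose length is decided by the firmware or the peer into the caller's buffer without consulting the caller's capacity; the checked variant validates the capacity first, writes nothing on failure and reports the size that would have been needed. A flat array stands in for the application's buffer plus whatever happens to sit next to it in RAM, so the spill can be measured without leaving a real allocation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration only; NOT code from the SiWx91x SDK. All demo_*
 * names are invented for this example. */

#define DEMO_OK             0
#define DEMO_ERR_BAD_ARG   (-1)
#define DEMO_ERR_TOO_SMALL (-2)

enum { DEMO_BUF_LEN = 16, DEMO_NEIGHBOUR_LEN = 8 };

/* A response handed back to the host application (e.g. a scan result or a
 * received BLE payload). Its length is set by the firmware/peer, not the caller. */
typedef struct {
    const uint8_t *data;
    size_t         len;
} demo_response_t;

/* The pattern the advisory describes: the copy length comes from the response
 * and the caller's capacity (out_len) is never consulted. When rsp->len >
 * out_len, the excess bytes land in whatever follows `out` in RAM. */
int demo_copy_response_unchecked(const demo_response_t *rsp,
                                 uint8_t *out, size_t out_len)
{
    (void)out_len;                        /* bug: capacity ignored */
    memcpy(out, rsp->data, rsp->len);
    return DEMO_OK;
}

/* Hardened form: validate arguments and capacity before any write, and report
 * the size actually required so the caller can retry with a larger buffer. */
int demo_copy_response_checked(const demo_response_t *rsp,
                               uint8_t *out, size_t out_len, size_t *needed)
{
    if (rsp == NULL || rsp->data == NULL || out == NULL || needed == NULL)
        return DEMO_ERR_BAD_ARG;
    *needed = rsp->len;
    if (rsp->len > out_len)
        return DEMO_ERR_TOO_SMALL;        /* out is left untouched */
    memcpy(out, rsp->data, rsp->len);
    return DEMO_OK;
}

/* Constructed 20-byte response: 4 bytes more than the application's buffer.
 * The last four bytes are 0xBB so a spill is easy to recognise. */
static const uint8_t demo_big_payload[20] = {
    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
    0xBB, 0xBB, 0xBB, 0xBB
};

/* Copies demo_big_payload into a 16-byte application buffer using one of the
 * two variants and returns how many bytes of the neighbouring region changed.
 * One flat array keeps the copy inside a single real allocation: the first
 * DEMO_BUF_LEN bytes are "the buffer", the rest is "adjacent state". */
int demo_count_clobbered(int use_checked)
{
    uint8_t mem[DEMO_BUF_LEN + DEMO_NEIGHBOUR_LEN];
    memset(mem, 0x00, sizeof mem);
    memset(mem + DEMO_BUF_LEN, 0xCC, DEMO_NEIGHBOUR_LEN);   /* canary */

    demo_response_t rsp = { demo_big_payload, sizeof demo_big_payload };
    size_t needed = 0;
    if (use_checked)
        demo_copy_response_checked(&rsp, mem, DEMO_BUF_LEN, &needed);
    else
        demo_copy_response_unchecked(&rsp, mem, DEMO_BUF_LEN);

    int clobbered = 0;
    for (size_t i = 0; i < DEMO_NEIGHBOUR_LEN; i++)
        if (mem[DEMO_BUF_LEN + i] != 0xCC)
            clobbered++;
    return clobbered;
}

/* Status the checked variant returns for a caller buffer of out_len bytes. */
int demo_checked_status(size_t out_len)
{
    uint8_t mem[64];
    size_t needed = 0;
    demo_response_t rsp = { demo_big_payload, sizeof demo_big_payload };
    return demo_copy_response_checked(&rsp, mem, out_len, &needed);
}

/* Size the checked variant reports as required, whatever out_len was. */
int demo_checked_needed(size_t out_len)
{
    uint8_t mem[64];
    size_t needed = 0;
    demo_response_t rsp = { demo_big_payload, sizeof demo_big_payload };
    demo_copy_response_checked(&rsp, mem, out_len, &needed);
    return (int)needed;
}

int main(void)
{
    printf("unchecked: %d neighbouring bytes corrupted\n", demo_count_clobbered(0));
    printf("checked:   %d neighbouring bytes corrupted, status %d, needs %d bytes\n",
           demo_count_clobbered(1), demo_checked_status(DEMO_BUF_LEN),
           demo_checked_needed(DEMO_BUF_LEN));
    return 0;
}
```

The point of the `needed` out-parameter is that an API which rejects an undersized buffer without saying how big the buffer must be pushes callers toward guessing, and guessing is how oversized fixed buffers end up in firmware in the first place. When auditing an SDK for this class of bug, look for every API that takes an output pointer but no length, or takes a length it never compares against the amount it writes.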

Remediation

Upgrade to Silicon Labs SiWx91x Wi-Fi 6 and Bluetooth Low Energy SDK version 3.5.1, which fixes this vulnerability, and rebuild and redeploy affected applications against it. Instructions for updating the SDK are available in the Silicon Labs WiSeConnect 3 SDK documentation.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.6
remediation: 0.0
relevance: 0.3
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.