Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-5310: Releases · SiliconLabs/gecko_sdk

A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device.

CVE
#vulnerability#dos#c++#ssl

v4.4.0

Gecko SDK (GSDK) Version 4.4.0.0

Component

Version

Summary

Details

32-Bit MCU SDK

6.6.0.0

- Added support for new OPNs
- Upgrade compilers to GCC 12.2.1 and IAR 9.40.1

Release Notes

Bluetooth SDK

7.0.0.0

Bluetooth
- Bluetooth Connection Analyzer can retrieve detailed connection parameters of a local connection and allows non-connected devices to track the RSSI of the connected devices
Multiprotocol
- Concurrent Listening support (RCP) – MG21 and MG24
- Concurrent Multiprotocol (CMP) Zigbee NCP + OpenThread RCP – production
- Dynamic Multiprotocol Bluetooth + Concurrent Multiprotocol (CMP) Zigbee and OpenThread support on SoC

Release Notes

Bluetooth Location Services

7.0.0.0

- Underlying code changes only

Release Notes

Bluetooth Mesh SDK

6.0.0.0

- Qualified implementation of Bluetooth Mesh 1.1
- Added Network Lighting Control (NLC) profiles

Release Notes

Gecko Platform

4.4.0.0

Peripherals
- New API names introduced for low-level drivers (with compatibility layer for old names)
Services
- APIs for accessing value of tokens added to Token Manager
CPC
- NVM3 module, enabling Host access to Secondary device’s non-volatile memory, released at production quality
- CPC Primary, for use with MCU Hosts, released at Experimental quality
- Numerous optimizations and performance improvements made
Security
- Mbed TLS upgraded (to version 3.5.0)
RAIL
- Several new features added for EFR32xG25 devices, including a new component for selecting modulations supported by the software modem
- Support added for several new PHYs, including Sidewalk PHYs on EFR32xG23 and EFR32xG28
Other components
- Compilers upgraded (to GCC 12.2.1 and IAR 9.40.1)

Release Notes

OpenThread SDK

2.4.0.0

Thread
- Thread 1.3.0 certification compliance with Thread Test Harness v59.0 for SoC and Host-RCP architectures
- Thread 1.3.1 feature support - Experimental
- Crash Handler support
- TrustZone Evaluation support
- MR21 support for OpenThread RCP – Production
Multiprotocol
- Concurrent Listening support (RCP) – MG21 and MG24
- Concurrent Multiprotocol (CMP) Zigbee NCP + OpenThread RCP – production
- Dynamic Multiprotocol Bluetooth + Concurrent Multiprotocol (CMP) Zigbee and OpenThread support on SoC

Release Notes

Proprietary Flex SDK

3.7.0.0

Connect
- Support of SUN-FSK and SUN-OFDM
- Hardware Abstraction Layer update
- Added Hardware Support: MG24 QFN40, EFRBG22-E, EFR32xG28 Explorer Kit
RAIL SDK
- Connect OFDM support for some Applications
- EFR32xG28 Proprietary 2.4 GHz 15.4 Standard PHY Support
- Added Hardware Support: MG24 QFN40, EFRBG22-E, EFR32xG28 Explorer Kit

Release Notes

USB Device Stack

1.2.0.0

- Targeted quality improvements and bug fixes

Release Notes

Wi-SUN SDK

1.8.0.0

Wi-SUN Stack
- Added support for LFN multicast reception
- Added support for non-standard PHY configurations
- Added support for blocking sockets
Wi-SUN Application Improvements
- Configurable LFN Support for all the applications
- Wi-SUN – SoC Network Measurement
- Wi-SUN – SoC (CoAP) Meter and Wi-SUN – SoC (CoAP) Collector

Release Notes

Z-Wave and Z-Wave Long Range 700/800 SDK Certified GA

7.21.0.0

- BRD2705 Explorer kit includes new applications
- Various quality improvements
- Z-Wave PC-based Zniffer v6.48 released with CSV export feature

Release Notes

Zigbee EmberZNet SDK

7.4.0.0

Zigbee
- Zigbee R23 compliance
- Zigbee Smart Energy 1.4a compliance - production
- Zigbee GP 1.1.2 compliance - Alpha
- MG27 support - production
- Improved support for Secure Vault parts
- Sleepy support on NCP SPI (non-CPC) applications – Alpha
Multiprotocol
- Concurrent Listening support (RCP) – MG21 and MG24
- Concurrent Multiprotocol (CMP) Zigbee NCP + OpenThread RCP – production
- Dynamic Multiprotocol Bluetooth + Concurrent Multiprotocol (CMP) Zigbee and OpenThread support on SoC

Release Notes

v4.3.2

v4.1.6

v4.2.4

v4.3.1

v4.1.5

v4.3.0

Gecko SDK (GSDK) Version 4.3.0.0

Component

Version

Summary

Details

32-Bit MCU SDK

6.5.0.0

- Added support for new OPNs

Release Notes

Bluetooth SDK

6.0.0.0

Bluetooth
- Bluetooth 5.4 support including Periodic Advertisements with Responses (PAwR) and Encrypted Advertisement Data (EAD) features
- Electronic Shelf Label (ESL) Service / Profile support - both Tag and Access Point (AP) roles
- Object Transfer Service / Profile support
- Periodic Advertisement Sync Transfer (PAST) support
- LE Privacy 1.2
Multiprotocol
- Zigbee/OpenThread Concurrent Multiprotocol SoC sample app
- CPC GPIO expander module
- Zigbeed enhancements

Release Notes

Bluetooth Location Services

6.0.0.0

- Some library variants now compile with Position Independent Code flags

Release Notes

Bluetooth Mesh SDK

5.0.0.0

- Support for Mesh Protocol 1.1
- Support for Mesh Model 1.1
- Support for Mesh Binary Large Object Transfer
- Support for Mesh Device Firmware Update

Release Notes

Gecko Platform

4.3.0.0

-Support for EFR32xG27 devices
-Power Manager update for optimized return from EM2
-CPC support for multiple SPI clients
-CPC remote peripheral (GPIO) access
-License change (to open-source zlib) for various platform files

Release Notes

OpenThread SDK

2.3.0.0

OpenThread
Thread 1.3.1 (experimental)
- IPv4/v6 public internet connectivity: NAT64 improvements, optimization of published routes and prefixes in network data
- DNS enhancements for OTBR
- Thread over Infrastructure (TREL)
Network Diagnostics (experimental)
- Child supervision by parent
- Additional link quality information in child table
- Uptime for routers
Multiprotocol
- Zigbee/OpenThread Concurrent Multiprotocol SoC sample app
- CPC GPIO expander module
- Zigbeed enhancements

Release Notes

Proprietary Flex SDK

3.6.0.0

RAIL Apps and Library:
- FG23 Direct Mode settings in Radio Configurator
- WM-BUS T+C PHY support
- FGM230S WM-BUS PHYs and Application support
- RAIL NCP Sample Applications
- PSM support for DSSS-OQPSK Long Range PHYs
Connect Apps and Stack:
- Connect NCP support
- FGM230S Connect support

Release Notes

USB Device Stack

1.1.2.0

- Internal modifications to reduce USB stack code size

Release Notes

Wi-SUN SDK

1.6.0.0

Wi-SUN Stack
- EFR32FG28 support
- Connection time improvements
- LFN support improvements
Wi-SUN Applications
- Firmware over-the-air update
- Wi-SUN configurator update

Release Notes

Z-Wave and Z-Wave Long Range 700/800 SDK Pre-Certified GA

7.20.0.0

- FG28/ZG28-based radio boards BRD4401A/B supported
- Z-Wave FLiRS inclusion performance improved in large networks
- Z-Wave Long Range wakeup beam performance improved
- Simplified application development by moving logic from the Apps to ZAF
- 800 DevKit (BRD2603) includes new applications and Multilevelsensor extended with new features
- Improved documentation to better support development from idea to certification
- Z-Wave Simulator available for Z-Wave Alliance members
- Z-Wave PC-based Zniffer v4.67 released

Release Notes

Zigbee EmberZNet SDK

7.3.0.0

Zigbee
Zigbee R23 compliance, with these Security enhancements among others:
- Dynamic link key negotiation
- Device interview to query devices before they are allowed to join
- Trust Center Swap Out to replace an existing Trust Center with a new one
- Frame Counter Synchronization
Zigbee Direct Device (ZDD) support for:
- Onboarding/commissioning
- Communication to all Zigbee devices without a hub (Alpha), using Bluetooth LE
Zigbee Smart Energy 1.4a compliance (Alpha)
Enhancements to Zigbee GP APIs
New Zigbee Security upgrade component for moving encryption keys from cleartext NVM3 tokens into secure storage
Multiprotocol
Zigbee/OpenThread Concurrent Multiprotocol SoC sample app
CPC GPIO expander module
Zigbeed enhancements

Release Notes

v4.2.3

v4.2.2

v4.2.1

Gecko SDK (GSDK) Version 4.2.1.0

WARNING: The Bluetooth mesh SDK is not included in GSDK 4.2.1.0, because this version of the Bluetooth mesh SDK contains material that is not yet released to the public by the Bluetooth SIG.

Current Bluetooth mesh users should not update to this version, as your current Bluetooth mesh SDK will be deleted. If you do install it, you can revert to version 4.1.4 or earlier by installing it from the Tags tab.

Alternatively, if you are a Bluetooth SIG member, you can obtain a version based on the upcoming Bluetooth mesh 1.1 specification by raising a Silicon Labs Salesforce ticket with BTMesh as the Software Solution.

Component

Version

Summary

Details

32-Bit MCU SDK

6.4.1.0

- Underlying platform changes only

Release Notes

Bluetooth SDK

5.1.0.0

- Targeted quality improvements and bug fixes

Release Notes

Bluetooth Location Services

5.1.0.0

- Underlying code changes only

Release Notes

Gecko Platform

4.2.1.0

- Targeted quality improvements and bug fixes

Release Notes

OpenThread SDK

2.2.1.0

- Targeted quality improvements and bug fixes

Release Notes

Proprietary Flex SDK

3.5.1.0

- Targeted quality improvements and bug fixes

Release Notes

USB Device Stack

1.1.1.0

- Targeted quality improvements and bug fixes

Release Notes

Wi-SUN SDK

1.5.0.0

- EFR32FG25 launch support
- Enhancements to the Border Router RCP
- Other targeted quality improvements and bug fixes

Release Notes

Z-Wave and Z-Wave Long Range 700/800 SDK GA

7.19.1.0

- Certified according to the approved 2022 Specification test suite
- Various bug fixes, refer to release notes

Release Notes

Zigbee EmberZNet SDK

7.2.1.0

- Multiprotocol: Zigbeed now supports coex EZSP commands
- Other targeted quality improvements and bug fixes

Release Notes

Full Changelog: v4.2.0…v4.2.1

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907