Silicon Labs produces, in particular, circuits that connect the old serial interface (protocol) to USB. In many cases, the installers for the associated drivers and software contain a security hole that allows attackers to inject their own library and thus their own code.
Silicon Labs hides a summary behind a login. However, the CVE entries for the vulnerable products are public. According to them, the installers do not properly filter the search path, which opens up so-called DLL injection vulnerabilities. When the installer is started, attackers can take advantage of this to escalate their privileges or execute arbitrary code.

In total, the installation packages of ten Silicon Labs products are affected:
- Silicon Labs (8-bit) IDE (CVE-2024-9490, CVSS 8.6, risk "high")
- Silicon Labs Configuration Wizard 2 (CVE-2024-9491, CVSS 8.6, high)
- Silicon Labs Flash Programming Utility (CVE-2024-9492, CVSS 8.6, high)
- Silicon Labs Toolstick (CVE-2024-9493, CVSS 8.6, high)
- Silicon Labs CP210 VCP Win 2K (CVE-2024-9494, CVSS 8.6, high)
- Silicon Labs CP210X VCP Windows (CVE-2024-9495, CVSS 8.6, high)
- Silicon Labs USBXPress Dev Kit (CVE-2024-9496, CVSS 8.6, high)
- Silicon Labs USBXPress 4 SDK (CVE-2024-9497, CVSS 8.6, high)
- Silicon Labs USBXPress SDK (CVE-2024-9498, CVSS 8.6, high)
- Silicon Labs USBXPress Win 98se Dev Kit (CVE-2024-9499, CVSS 8.6, high)

Older software such as USBXPress is evidently available in vulnerable versions on the Silicon Labs download page. Anyone who still requires this software should contact the company's support and ask about corrected installers. Apart from a universal Windows driver for the CP210X VCP modules, the installers for the USB converters are also of an older date. Here, too, it can be helpful to ask the manufacturer's support for corrected installation packages.

Installers that are already on hand should be moved to media that are not mounted, such as USB sticks, and deleted from the computer so that attackers cannot misuse them to expand their rights.
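
A defensive check that follows from the search-path problem and the clean-up advice above, as an added example that is not from Silicon Labs or the original article: it walks a folder where installers are kept and lists every executable together with any DLLs sitting beside it, since the directory of the starting program is part of the Windows DLL search path. The function names `audit_installers` and `report` and the file names in the demo are assumptions constructed for this example.

```python
import os
import tempfile
from pathlib import Path


def audit_installers(root):
    """Return sorted (exe_path, [dll names beside it]) for every .exe under root.

    A DLL in the same directory as an installer is a candidate for being
    loaded by it, because the directory of the starting program is part of
    the Windows DLL search path.
    """
    results = []
    # onerror swallows unreadable directories instead of aborting the scan
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda err: None):
        lower = {name: name.lower() for name in filenames}
        dlls = sorted(n for n, low in lower.items() if low.endswith(".dll"))
        for name, low in lower.items():
            if low.endswith(".exe"):
                results.append((str(Path(dirpath, name)), dlls))
    return sorted(results)


def report(root):
    """Format the findings: every installer is listed, co-located DLLs are flagged."""
    lines = []
    for exe, dlls in audit_installers(root):
        if dlls:
            lines.append(f"REVIEW  {exe}  (DLLs beside it: {', '.join(dlls)})")
        else:
            lines.append(f"STORED  {exe}")
    return lines


if __name__ == "__main__":
    # Constructed sample tree; the file names are made up for the demo.
    with tempfile.TemporaryDirectory() as tmp:
        for rel in ("downloads/example_setup.exe", "downloads/version.dll",
                    "tools/installer.exe"):
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"")
        print("\n".join(report(tmp)))
```

Entries marked STORED are leftover installers of the kind the article advises moving to offline media; entries marked REVIEW additionally have DLLs next to them whose origin should be checked before the installer is ever started.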

DLL injection weaknesses occur fairly often and threaten the security of systems. In 2021, Kaseya's Unitrends Windows agent also had DLL injection and binary planting gaps, which meant that third-party code could be inserted.
(DMK)
