CVE-2025-14547
Integer Underflow in Silicon Labs PSA Crypto Causes DoS
Publication date: 2026-02-20
Last updated on: 2026-02-20
Assigner: Silicon Graphics (SGI)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| silicon_labs | psa_crypto | * |
| silicon_labs | se_manager | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-191 | The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an integer underflow issue found in Silicon Lab's implementation of PSA Crypto and SE Manager EC-JPAKE APIs during the parsing of zero-knowledge proofs (ZKP). An integer underflow occurs when a calculation results in a value smaller than the minimum representable value, which can cause unexpected behavior.
Triggering this underflow leads to a hard fault, which is a severe error causing the system to stop normal operation temporarily.
In summary, this vulnerability can cause the affected system to crash or become temporarily unavailable when processing certain cryptographic operations.
How can this vulnerability impact me? :
The primary impact of this vulnerability is a temporary denial of service (DoS). When exploited, it causes a hard fault that disrupts normal system operation.
This means that the affected device or application may crash or become unresponsive temporarily, potentially interrupting critical cryptographic functions.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know