Description
A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which allows an attacker to trigger a denial of service. A hard reset is required to recover the device.
Published: 2026-02-12
Score: 6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

A reachable infinite loop caused by an integer wraparound occurs in the Silicon Labs Matter SDK. The flaw allows an attacker to send crafted data that triggers the SDK to enter an endless loop, consuming processor cycles until the device becomes unresponsive. The result is a denial‑of‑service condition that requires a hard reset to restore normal operation. The weakness corresponds to CWE‑190 (Integer Overflow or Wraparound) and CWE‑835 (Infinite Loop).

Affected Systems

The issue affects devices that run Silicon Labs Matter, the Matter protocol stack supplied by Silicon Labs. The vendor list identifies Silicon Labs Matter, but no specific firmware or SDK version numbers are supplied. Administrators should review all deployed Matter firmware to determine whether they are using the affected build, focusing on versions prior to any releases that mention the integer wraparound fix.

Risk and Exploitability

The CVSS base score of 6 indicates a medium severity vulnerability. The EPSS score of less than 1% implies a very low probability of exploitation at present, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote delivery of malformed Matter data, though the description does not state a specific means. Because the attack necessitates an infinite loop, it requires a target that executes the vulnerable Matter SDK code, and the impact is limited to device availability. No public exploits are documented; however, the denial‑of‑service condition can disrupt network services that rely on those devices.

Generated by OpenCVE AI on April 17, 2026 at 19:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware or Matter SDK update released by Silicon Labs that addresses the integer wraparound issue.
  • If an update is not yet available, temporarily disable Matter communication or restrict network access to the device to reduce exposure.
  • Continuously monitor device CPU utilization; if overload is detected, perform a hard reset and investigate for abnormal activity.

Generated by OpenCVE AI on April 17, 2026 at 19:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 13 Feb 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Silabs.com
Silabs.com silicon Labs Matter
Vendors & Products Silabs.com
Silabs.com silicon Labs Matter

Thu, 12 Feb 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Feb 2026 20:30:00 +0000

Type Values Removed Values Added
Description A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which allows an attacker to trigger a denial of service. A hard reset is required to recover the device.
Title Integer Wraparound DoS in Silicon Labs Matter Implementation
Weaknesses CWE-190
CWE-835
References
Metrics cvssV4_0

{'score': 6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L'}

Subscriptions

Silabs.com Silicon Labs Matter
cve-icon MITRE

Status: PUBLISHED

Assigner: Silabs

Published:

Updated: 2026-02-12T20:43:50.690Z

Reserved: 2026-01-05T19:06:00.585Z

Link: CVE-2026-0619

cve-icon Vulnrichment

Updated: 2026-02-12T20:43:42.013Z

cve-icon NVD

Status : Deferred

Published: 2026-02-12T21:16:02.500

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-0619

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T20:00:09Z

Weaknesses