Skip to main content

EFR32xG27 CVE-2026-2815

| EUVDEUVD-2026-39394 HIGH
Small Seed Space in PRNG (CWE-339)
2026-06-25 Silabs GHSA-f2cj-j66g-55wj
8.4
CVSS 4.0 · Vendor: Silabs
Share

Severity by source

Vendor (Silabs) PRIMARY
8.4 HIGH
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
9.3 CRITICAL

Adjacent radio attack with no privileges/UI; predictable keys break confidentiality and enable device impersonation (I:H) affecting downstream connected systems, hence scope change S:C; no availability impact.

3.1 AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
4.0 AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N

Primary rating from Vendor (Silabs).

CVSS VectorVendor: Silabs

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 25, 2026 - 14:28 vuln.today

DescriptionCVE.org

Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys

AnalysisAI

Predictable cryptographic key generation in Silicon Labs EFR32xG27 wireless SoCs stems from incorrect use of the on-chip PUF (Physical Unclonable Function) when deriving user keys, allowing an adjacent attacker to anticipate or reconstruct keys that should be unique and secret. Affected firmware built with the Silicon Labs SiSDK loses the confidentiality and authentication guarantees of derived keys. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain wireless adjacency to EFR32xG27 device
Delivery
Capture encrypted traffic or key material
Exploit
Predict user key from flawed PUF derivation
Execution
Decrypt traffic or impersonate device
Impact
Compromise confidentiality of connected systems

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target's user keys were generated using the affected EFR32xG27 PUF-based key-generation path in the vulnerable SiSDK - devices provisioned/keyed with the flawed code are the vulnerable population. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor CVSS 4.0 vector (AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/SI:H, base 8.4 High) indicates an adjacent-network, low-complexity attack requiring no privileges or user interaction, with high confidentiality impact and high impact to subsequent (downstream/connected) systems. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker within wireless range of an EFR32xG27-based device predicts or reconstructs the device's user key by exploiting the flawed PUF-based key generation, then decrypts intercepted communications or impersonates the device to connected systems. No public POC is known, so the attacker must perform device-specific cryptanalysis informed by the disclosed flaw rather than run an off-the-shelf exploit; the low attack complexity (AC:L) means no special timing or race conditions are required once adjacency is achieved.
Remediation Apply the Silicon Labs fix by updating to the patched SiSDK from the official release repository (https://github.com/SiliconLabsSoftware/sisdk-release) and consult the vendor advisory (https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000kDYsfIAG?operationContext=S1) for the exact fixed version and any required key re-provisioning steps - the input confirms a patch is available but does not name an exact fixed version, so verify it in the advisory rather than assuming. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Inventory all devices using EFR32xG27 SoCs and identify current SiSDK firmware versions in production; contact Silicon Labs for patch availability and compatibility assessment. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-2815 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy