Skip to main content

Simplicity SDK CVE-2026-4930

| EUVDEUVD-2026-39534 HIGH
Insufficient Entropy (CWE-331)
2026-06-25 Silabs GHSA-7ccr-fw66-p8jj
7.1
CVSS 4.0 · Vendor: Silabs
Share

Severity by source

Vendor (Silabs) PRIMARY
7.1 HIGH
CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.7 MEDIUM

Physical access for power traces (AV:P), prior code execution (PR:H), and DPA expertise/equipment (AC:H); only key confidentiality is impacted (C:H) and extracted keys affect other systems (S:C).

3.1 AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
4.0 AV:P/AC:H/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Primary rating from Vendor (Silabs).

CVSS VectorVendor: Silabs

CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 25, 2026 - 19:16 vuln.today

DescriptionCVE.org

SYMCRYPTO is the SiXG301's host side hardware engine accessed by PSA crypto library that accelerates symmetric cryptographic operations (AES encryption/decryption and hashing).

DPA Countermeasures on SYMCRYPTO can be weakened (reduced entropy) by forcing certain seed values if an attacker gains code execution capability on the impacted device.

  • Therefore, the keys loaded on SYMCRYPTO may be more vulnerable to extraction through DPA attacks than intended

AnalysisAI

Reduced cryptographic key protection in Silicon Labs' SiXG301 SYMCRYPTO hardware engine (exposed via the Simplicity SDK PSA crypto library) allows an attacker who already has on-device code execution to weaken the engine's Differential Power Analysis (DPA) countermeasures by forcing low-entropy seed values, making AES/hashing keys far easier to recover through subsequent power-analysis side-channel attacks. The flaw affects embedded systems built on the SiXG301 SoC and was reported by Silicon Labs. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain code execution on SiXG301 device
Delivery
Force low-entropy DPA seed values
Exploit
Attach physical power-analysis probes
Execution
Collect traces during AES operations
Persist
Recover symmetric keys via DPA
Impact
Decrypt data / impersonate device

Vulnerability AssessmentAI

Exploitation Exploitation requires two concrete, chained prerequisites explicitly drawn from the description and CVSS vector: (1) the attacker must first gain arbitrary code execution on the impacted SiXG301 device in order to force the specific low-entropy seed values that weaken SYMCRYPTO's DPA countermeasures (PR:H), and (2) physical access to the device to perform the actual Differential Power Analysis power-trace capture needed to extract the now-less-protected AES/hashing keys (AV:P). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor CVSS 4.0 vector (CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H, base 7.1) frames this realistically as a high-privilege, physical-access, side-channel weakness rather than a remotely weaponizable bug. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has already achieved code execution on a SiXG301-based device (e.g., via a separate firmware flaw or supply-chain implant) executes code that forces SYMCRYPTO's DPA countermeasure seeds to low-entropy values, then attaches power-measurement probes and collects traces while the device performs AES operations. Using standard DPA correlation, they recover the symmetric keys loaded in the engine, compromising data confidentiality and any trust anchored on those keys. …
Remediation No vendor-released patch version is identified in the available data; consult the Silicon Labs advisory at https://community.silabs.com/068Vm00000sjHs3 for the official fix and apply the vendor-recommended SDK/firmware update for the SiXG301 once a fixed version is published. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Identify all deployed systems using Silicon Labs SiXG301 SYMCRYPTO engine via product documentation and BOM review. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-4930 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy