Skip to main content

Nuvoton NPCT7xx CVE-2026-6923

| EUVDEUVD-2026-30328 LOW
Improper Protection of Physical Side Channels (CWE-1300)
2026-05-14 INCD GHSA-j7g5-cj58-4v5f
3.8
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.8 LOW
AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Physical
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
May 14, 2026 - 17:33 vuln.today
CVE Published
May 14, 2026 - 16:14 nvd
LOW 3.8

DescriptionCVE.org

A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman (ECDH) key.

AnalysisAI

Nuvoton NPCT7xx TPM firmware is vulnerable to physical side-channel attacks enabling extraction of Elliptic Curve Diffie-Hellman (ECDH) keys through electromagnetic or timing analysis when an attacker has direct physical access to the TPM device. The vulnerability affects confidentiality of cryptographic material but does not enable code execution or availability attacks. No active exploitation has been publicly reported, and the attack requires specialized knowledge and physical proximity to the target system.

Technical ContextAI

Nuvoton NPCT7xx is a Trusted Platform Module (TPM) 2.0 implementing cryptographic operations including ECDH key agreement per TPM 2.0 specification (RFC 5869). The vulnerability belongs to CWE-1300 (Physical Attacks) and specifically relates to side-channel information disclosure during cryptographic computations. Side-channel attacks exploit physical phenomena such as power consumption variations, electromagnetic emissions, or timing differences during cryptographic operations to infer secret key material. ECDH is commonly used in TPM for secure attestation, key storage sealing, and key derivation. The attack surface is limited to the TPM hardware itself, not higher-level TPM interfaces.

RemediationAI

No vendor-released patch has been independently confirmed at time of analysis. Mitigation strategies focus on environmental and operational controls rather than firmware updates. Organizations should implement physical security measures including: (1) restrict physical access to TPM devices and system internals via tamper-evident seals, locked enclosures, or guarded server rooms-this directly contradicts the AV:P requirement; (2) deploy TPMs in systems with electromagnetic shielding if operating in high-threat environments; (3) monitor for unauthorized physical access attempts via audit logs and motion sensors. For systems unable to implement these controls, consider evaluating alternative TPM vendors or assessing risk acceptance if TPM-sealed secrets do not contain critical material. Consult Nuvoton support (https://www.nuvoton.com) for firmware updates, as public advisories remain limited.

Share

CVE-2026-6923 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy