From 5bdbe52beb98803bd4d06c2db4accac8b9fd56a2 Mon Sep 17 00:00:00 2001
From: Vendeta <VZVendeta@hotmail.com>
Date: Fri, 15 May 2026 19:27:44 +0300
Subject: [PATCH] Improve GHSA-6cr3-m628-79px

---
 .../GHSA-6cr3-m628-79px.json                  | 26 ++++++++++++++++---
 1 file changed, 22 insertions(+), 4 deletions(-)

diff --git a/advisories/unreviewed/2026/05/GHSA-6cr3-m628-79px/GHSA-6cr3-m628-79px.json b/advisories/unreviewed/2026/05/GHSA-6cr3-m628-79px/GHSA-6cr3-m628-79px.json
index 148fc1c7bf3bd..72a7b8a5ac952 100644
--- a/advisories/unreviewed/2026/05/GHSA-6cr3-m628-79px/GHSA-6cr3-m628-79px.json
+++ b/advisories/unreviewed/2026/05/GHSA-6cr3-m628-79px/GHSA-6cr3-m628-79px.json
@@ -6,14 +6,32 @@
   "aliases": [
     "CVE-2025-14972"
   ],
-  "details": "*  Countermeasures for DPA within SYMCRYPTO\nengine on SixG301xxx devices are not sufficiently random and will\neventually repeat.\n  *  KSU keys using SYMCRYPTO will be\nimpacted by this vulnerability.",
+  "summary": "Insufficient Entropy in DPA Countermeasures Within SYMCRYPTO Engine on Silicon Labs SixG301xxx Devices",
+  "details": "### Summary\nA vulnerability exists in the Differential Power Analysis (DPA) countermeasures implemented within the hardware symmetric cryptographic (SYMCRYPTO) engine of Silicon Labs SixG301xxx devices. The masking or blinding sequences used to protect the cryptographic operations against side-channel analysis lack sufficient randomness and will eventually repeat. \n\n### Impact\nAn attacker with physical access to the device can perform Differential Power Analysis (DPA) to observe power consumption patterns over multiple operations. Because the side-channel protection sequences eventually repeat, the attacker can filter out the noise and extract sensitive cryptographic keys. Specifically, Key Storage Unit (KSU) keys wrapped or processed using the SYMCRYPTO engine are vulnerable to compromise through this flaw.\n\n### Remediation\nRefer to the Silicon Labs Community Advisory and official technical support channels to obtain firmware or SDK updates containing a revised cryptographic library or microcode patch that forces proper high-entropy seeding for the SYMCRYPTO DPA masking mechanisms.",
   "severity": [
     {
-      "type": "CVSS_V4",
-      "score": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "Silicon_Labs_SixG301xxx_Firmware_/_GSDK_(SYMCRYPTO_Driver_Component)"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ]
     }
   ],
-  "affected": [],
   "references": [
     {
       "type": "ADVISORY",