Skip to content

[GHSA-6cr3-m628-79px] * Countermeasures for DPA within SYMCRYPTO engine on... #7703

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Vendetaaaa wants to merge 1 commit into
base: Vendetaaaa/advisory-improvement-7703
Choose a base branch
from
+22 −4
Open

[GHSA-6cr3-m628-79px] * Countermeasures for DPA within SYMCRYPTO engine on... #7703

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 22 additions & 4 deletions advisories/unreviewed/2026/05/GHSA-6cr3-m628-79px/GHSA-6cr3-m628-79px.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,14 +6,32 @@
"aliases": [
"CVE-2025-14972"
],
"details": "* Countermeasures for DPA within SYMCRYPTO\nengine on SixG301xxx devices are not sufficiently random and will\neventually repeat.\n * KSU keys using SYMCRYPTO will be\nimpacted by this vulnerability.",
"summary": "Insufficient Entropy in DPA Countermeasures Within SYMCRYPTO Engine on Silicon Labs SixG301xxx Devices",
"details": "### Summary\nA vulnerability exists in the Differential Power Analysis (DPA) countermeasures implemented within the hardware symmetric cryptographic (SYMCRYPTO) engine of Silicon Labs SixG301xxx devices. The masking or blinding sequences used to protect the cryptographic operations against side-channel analysis lack sufficient randomness and will eventually repeat. \n\n### Impact\nAn attacker with physical access to the device can perform Differential Power Analysis (DPA) to observe power consumption patterns over multiple operations. Because the side-channel protection sequences eventually repeat, the attacker can filter out the noise and extract sensitive cryptographic keys. Specifically, Key Storage Unit (KSU) keys wrapped or processed using the SYMCRYPTO engine are vulnerable to compromise through this flaw.\n\n### Remediation\nRefer to the Silicon Labs Community Advisory and official technical support channels to obtain firmware or SDK updates containing a revised cryptographic library or microcode patch that forces proper high-entropy seeding for the SYMCRYPTO DPA masking mechanisms.",
"severity": [
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "Silicon_Labs_SixG301xxx_Firmware_/_GSDK_(SYMCRYPTO_Driver_Component)"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
}
]
}
]
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
Expand Down