CVE-2026-4930
Deferred Deferred - Pending Action
DPA Weakening in SYMCRYPTO via Seed Forcing

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: Silicon Graphics (SGI)

Description
SYMCRYPTO is the SiXG301's host side hardware engine accessed by PSA crypto library that accelerates symmetric cryptographic operations (AES encryption/decryption and hashing). DPA Countermeasures on SYMCRYPTO can be weakened (reduced entropy) by forcing certain seed values if an attacker gains code execution capability on the impacted device. * Therefore, the keys loaded on SYMCRYPTO may be more vulnerable to extraction through DPA attacks than intended
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-25
Last Modified
2026-06-25
Generated
2026-06-26
AI Q&A
2026-06-25
EPSS Evaluated
N/A
NVD
CVE-2026-4930
EUVD
EUVD-2026-39534
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
silabs symcrypto *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-331 The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects SYMCRYPTO, the SiXG301's host side hardware engine used by the PSA crypto library to accelerate symmetric cryptographic operations such as AES encryption/decryption and hashing.

The issue is that the Differential Power Analysis (DPA) countermeasures implemented in SYMCRYPTO can be weakened by an attacker who gains code execution capability on the affected device. Specifically, the attacker can force certain seed values, reducing entropy.

As a result, cryptographic keys loaded into SYMCRYPTO may become more vulnerable to extraction through DPA attacks than originally intended.

Impact Analysis

If an attacker gains code execution on the impacted device, they can weaken the DPA countermeasures by forcing certain seed values, which reduces the entropy protecting cryptographic keys.

This makes the keys more susceptible to extraction via Differential Power Analysis attacks, potentially compromising the confidentiality and integrity of encrypted data and cryptographic operations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4930. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart