CVE Catalog

CVE-2026-4930

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.10%

1th percentile — higher than 1% of all known CVEs

Summary

A vulnerability in the SYMCRYPTO hardware module (SiXG301) allows weakening of DPA (Differential Power Analysis) countermeasures by forcing specific seed values. An attacker with code execution capability on the device can reduce the entropy of protection mechanisms, increasing the risk of cryptographic key extraction.

Risk Assessment

Weakened DPA countermeasures make cryptographic keys loaded on SYMCRYPTO more vulnerable to extraction through power analysis attacks. A successful attack may lead to compromise of encryption keys and loss of confidentiality of protected data.

Recommendation

Apply the firmware update provided by the vendor that restores full entropy of DPA countermeasures. Restrict the ability to execute unauthorized code on devices with the SYMCRYPTO module.

Original NVD description (English source)

SYMCRYPTO is the SiXG301's host side hardware engine accessed by PSA crypto library that accelerates symmetric cryptographic operations (AES encryption/decryption and hashing). DPA Countermeasures on SYMCRYPTO can be weakened (reduced entropy) by forcing certain seed values if an attacker gains code execution capability on the impacted device. * Therefore, the keys loaded on SYMCRYPTO may be more vulnerable to extraction through DPA attacks than intended

Vulnerability data from NVD (NIST) · CISA KEV · EPSS