CVE-2026-4930
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
A vulnerability in the SYMCRYPTO hardware module (SiXG301) allows weakening of DPA (Differential Power Analysis) countermeasures by forcing specific seed values. An attacker with code execution capability on the device can reduce the entropy of protection mechanisms, increasing the risk of cryptographic key extraction.
Risk Assessment
Weakened DPA countermeasures make cryptographic keys loaded on SYMCRYPTO more vulnerable to extraction through power analysis attacks. A successful attack may lead to compromise of encryption keys and loss of confidentiality of protected data.
Recommendation
Apply the firmware update provided by the vendor that restores full entropy of DPA countermeasures. Restrict the ability to execute unauthorized code on devices with the SYMCRYPTO module.
Original NVD description (English source)
SYMCRYPTO is the SiXG301's host side hardware engine accessed by PSA crypto library that accelerates symmetric cryptographic operations (AES encryption/decryption and hashing). DPA Countermeasures on SYMCRYPTO can be weakened (reduced entropy) by forcing certain seed values if an attacker gains code execution capability on the impacted device. * Therefore, the keys loaded on SYMCRYPTO may be more vulnerable to extraction through DPA attacks than intended

