Description
Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys
Published: 2026-06-25
Score: 8.4 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Incorrect use of the Physical Unclonable Function (PUF) key during user key generation on the EFR32xG27 platform results in keys that an attacker can predict. This flaw directly compromises the confidentiality of stored cryptographic keys and is classified under CWE-339, indicating reliance on an insufficiently random source for key generation.

Affected Systems

The vulnerability affects devices running Silicon Labs SiSDK for the EFR32xG27 series. Specific affected firmware or SDK version numbers are not listed in the available data, so a version check against the latest releases is recommended.

Risk and Exploitability

The CVSS score of 8.4 indicates high severity. No EPSS score is provided, and the issue is not currently catalogued in CISA KEV, which suggests little publicly observed exploitation; the threat is still significant wherever key secrecy is crucial. Attackers who can influence or observe the PUF state may predict the user keys, potentially allowing unauthorized decryption or impersonation. The likely attack vector is local or physical access to the device where the PUF is employed.

Generated by OpenCVE AI on June 25, 2026 at 15:28 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Install the latest SiSDK firmware released by Silicon Labs that corrects the PUF usage.
  • If an immediate firmware update is infeasible, disable the PUF‑based user key generation feature and switch to a secure, non‑predictable entropy source for key creation.
  • After applying updates or configuration changes, conduct a cryptographic audit to verify that generated keys exhibit sufficient randomness and are no longer predictable.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 15:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 14:00:00 +0000

Type | Values Removed | Values Added
Description | | Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys
Title | | Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys
Weaknesses | | CWE-339
References | |
Metrics | | cvssV4_0 {'score': 8.4, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N'}


MITRE

Status: PUBLISHED

Assigner: Silabs

Published:

Updated: 2026-06-25T14:03:49.129Z

Reserved: 2026-02-19T16:49:32.148Z

Link: CVE-2026-2815

Vulnrichment

Updated: 2026-06-25T14:03:44.190Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T15:30:16Z

Weaknesses