Description
Timing limitations of the HRNG in RS9116 when power save mode is enabled result in predictable values
Published: 2026-05-14
Score: 7.4 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The RS9116 hardware random number generator exhibits timing limitations when the device is in power‑save mode, causing its output to become predictable. This flaw reduces the entropy of random values used in cryptographic operations such as key creation, secure communication handshakes, and authentication. If an attacker can anticipate the random outputs, they could forge keys or decrypt protected data, undermining both confidentiality and integrity.

Affected Systems

Silicon Labs RS9116 SDK is affected. No specific SDK release version is listed, so all firmware built with the current SDK may be vulnerable unless a newer build incorporates the fix.

Risk and Exploitability

The CVSS score of 7.4 indicates high severity, while the EPSS score is unavailable and the vulnerability is not recorded in the CISA KEV catalog. Based on the description, the attack vector is inferred to be local device access or proximity, because the flaw requires the device to be in power‑save mode during HRNG operations, which enables an attacker to predict the random outputs. Attackers would need access to a device running the affected SDK in power‑save mode. Because the HRNG output becomes deterministic, exploitation could be carried out with minimal effort once the attacker observes or predicts the RNG probability distribution.

Generated by OpenCVE AI on May 14, 2026 at 20:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to the latest Silicon Labs RS9116 SDK release that corrects the HRNG timing issue (if available).
  • If a newer SDK is not yet released, disable power‑save mode or configure the device to avoid prolonged low‑power states while the RNG is in use.
  • Enable device monitoring or logging to detect when power‑save mode is active during RNG usage, ensuring vulnerable periods are identified and mitigated.

Advisories

No advisories yet.

History

Fri, 15 May 2026 11:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Silicon Labs; Silicon Labs rs9116 Sdk |
| Vendors & Products | | Silicon Labs; Silicon Labs rs9116 Sdk |

Thu, 14 May 2026 19:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Timing limitations of the HRNG in RS9116 when power save mode is enabled result in predictable values |
| Title | | Timing limitations of the HRNG in RS9116 when power save mode is enabled result in predictable values |
| Weaknesses | | CWE-332 |
| References | | |
| Metrics | | cvssV4_0 {'score': 7.4, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: Silabs

Published:

Updated: 2026-05-14T19:35:06.824Z

Reserved: 2026-02-26T17:36:36.836Z

Link: CVE-2026-3290

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-14T20:17:04.093

Modified: 2026-05-15T14:11:57.190

Link: CVE-2026-3290

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T11:21:05Z

Weaknesses