AI Threat Alert

CVE-2026-4930

AWAITING NVD
Published June 25, 2026

SYMCRYPTO is the SiXG301's host side hardware engine accessed by PSA crypto library that accelerates symmetric cryptographic operations (AES encryption/decryption and hashing). DPA Countermeasures on SYMCRYPTO can be weakened (reduced entropy) by forcing certain seed values if an attacker gains...

Full CISO analysis pending enrichment.

How severe is it?

CVSS 3.1
N/A
EPSS
N/A
Exploitation Status
No known exploitation
Sophistication
N/A

What should I do?

No patch available

Monitor for updates. Consider compensating controls or temporary mitigations.

Which compliance frameworks are affected?

Compliance analysis pending. Sign in for full compliance mapping when available.

Frequently Asked Questions

What is CVE-2026-4930?

SYMCRYPTO is the SiXG301's host side hardware engine accessed by PSA crypto library that accelerates symmetric cryptographic operations (AES encryption/decryption and hashing). DPA Countermeasures on SYMCRYPTO can be weakened (reduced entropy) by forcing certain seed values if an attacker gains code execution capability on the impacted device. * Therefore, the keys loaded on SYMCRYPTO may be more vulnerable to extraction through DPA attacks than intended

Is CVE-2026-4930 actively exploited?

No confirmed active exploitation of CVE-2026-4930 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-4930?

No patch is currently available. Monitor vendor advisories for updates.

What is the CVSS score for CVE-2026-4930?

No CVSS score has been assigned yet.

What are the technical details?

Original Advisory

SYMCRYPTO is the SiXG301's host side hardware engine accessed by PSA crypto library that accelerates symmetric cryptographic operations (AES encryption/decryption and hashing). DPA Countermeasures on SYMCRYPTO can be weakened (reduced entropy) by forcing certain seed values if an attacker gains code execution capability on the impacted device. * Therefore, the keys loaded on SYMCRYPTO may be more vulnerable to extraction through DPA attacks than intended

Weaknesses (CWE)

CWE-331 Insufficient Entropy

CWE-331 — Insufficient Entropy: The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

  • [Implementation] Determine the necessary entropy to adequately provide for randomness and predictability. This can be achieved by increasing the number of bits of objects such as keys and seeds.

Source: MITRE CWE corpus.

References

Timeline

Published
June 25, 2026
Last Modified
June 25, 2026
First Seen
June 25, 2026
Back to Threat Feed