Silicon Labs Series 2 Modules and SoCs Differential Power Analysis Vulnerability in ECDH and EdDSA Operations on Curve25519 and Curve448

Vulnerability

A vulnerability exists in all Series 2 modules and SoCs from Silicon Labs, where differential power analysis (DPA) countermeasures are not implemented for Elliptic Curve Diffie-Hellman (ECDH) key agreement and Edwards-Curve Digital Signature Algorithm (EdDSA) signing on Curve25519 and Curve448. This absence of countermeasures, due to limited hardware and software support, could allow a successful DPA attack to expose confidential information. It is recommended to use the affected cryptographic curves and operations with ephemeral keys to minimize the potential DPA traces that could be gathered.

Impact

Exploitation of this vulnerability could lead to a DPA attack, allowing an attacker to intercept and analyze power consumption data to extract sensitive information, such as cryptographic keys.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Silicon Labs Series 2 Modules and SoCs Differential Power Analysis Vulnerability in ECDH and EdDSA Operations on Curve25519 and Curve448

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating