PT-2025-18163 · Series 2 · Series 2
Published
2025-04-29
·
Updated
2025-04-29
·
CVE-2025-3301
CVSS v4.0
1.0
Low
| Vector | AV:P/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Series 2 modules and SoCs (affected versions not specified)
Description
A lack of hardware and software support for DPA countermeasures in ECDH key agreement and EdDSA signing operations on Curve25519 and Curve448 may result in exposure of confidential information due to a successful DPA attack.
Recommendations
For all Series 2 modules and SoCs, consider using the impacted crypto curves and operations with ephemeral keys to reduce the number of DPA traces that can be collected.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Series 2