CVE-2026-2815

Silicon Labs · SiSDK

A cryptographic flaw in Silicon Labs SiSDK for EFR32xG27 chips results in predictable keys, potentially undermining device security and encryption.

Executive summary

An incorrect implementation of PUF key generation in Silicon Labs SiSDK creates predictable cryptographic keys, significantly weakening the security posture of affected EFR32xG27 hardware.

Vulnerability

The issue stems from the improper use of the Physical Unclonable Function (PUF) when generating user keys in SiSDK for EFR32xG27. Keys produced through this path are predictable rather than unique to the device and secret, so data, credentials or sessions protected with them do not receive the hardware-backed protection a PUF-derived key is meant to provide. The advisory does not describe the mechanism in further detail.

Business impact

Predictable cryptographic keys negate the primary security value of a hardware root of trust: an attacker who can reproduce the key can decrypt data protected with it, and device identity or integrity checks that rely on it can no longer be trusted. With a CVSS score of 8.4 (High), this vulnerability is a serious failure in the hardware security chain and could lead to compromise of protected data across embedded deployments that use the affected key-generation path.

Remediation

Immediate Action: Consult Silicon Labs' security advisories to determine which SiSDK or firmware release corrects the key generation logic, and check whether the advisory requires keys already generated by the flawed logic to be regenerated or re-wrapped after the update, since fixing the generation code does not by itself replace keys already in use.

Proactive Monitoring: Monitor authentication and provisioning flows that depend on these keys for anomalies such as authentication by unknown peers or unexplained failures, and, where key material can be exported from test units, check keys across the fleet for duplicates, near-duplicates or other visible structure that would indicate predictable generation.

Compensating Controls: If patching is not immediately feasible, restrict physical access to devices and wrap sensitive communications in an additional, independent layer of encryption whose keys are not derived from the affected PUF path.
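The fleet key check mentioned under Proactive Monitoring, as an added example for this page. It is not Silicon Labs code and does not model how SiSDK derives keys from the PUF; it assumes keys exported from a set of devices as 32-byte hex strings (device names, key length, and the sample keys, which are SHA-256 digests of labels constructed purely so the script runs offline, are all assumptions). It flags exact duplicates, keys that differ in only a few bits, constant or near-constant keys, and wrong-length exports.

```python
"""
Fleet key-uniqueness audit for keys exported from devices.

Added example for this advisory; not Silicon Labs code and not a model of
SiSDK or the PUF. Sample keys are constructed (SHA-256 of labels) so the
script runs offline; in practice feed it real key exports from test units.
"""
import hashlib
import math
from collections import Counter
from itertools import combinations

KEY_LEN = 32  # bytes; assumption: 256-bit keys


def _constructed_key(label: str) -> bytes:
    # Stand-in for a real key export, NOT a PUF model (constructed sample data).
    return hashlib.sha256(label.encode()).digest()


_k1 = _constructed_key("device-0001")
SAMPLE_KEYS = {  # constructed sample fleet; device names are hypothetical
    "device-0001": _k1.hex(),
    "device-0002": _k1.hex(),                                   # exact duplicate
    "device-0003": (_k1[:-1] + bytes([_k1[-1] ^ 0x01])).hex(),  # one bit differs
    "device-0004": (b"\x00" * KEY_LEN).hex(),                   # constant key
    "device-0005": _constructed_key("device-0005").hex(),       # healthy-looking
    "device-0006": _constructed_key("device-0006").hex()[:32],  # 16-byte export
}


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def byte_entropy(key: bytes) -> float:
    """Shannon entropy (bits per byte) of the key's own byte histogram.

    Coarse check: it only catches gross degeneracy such as constant or
    heavily repeated bytes. It says nothing about whether the key was
    predictable to an attacker, which is the actual concern in this advisory.
    """
    n = len(key)
    return -sum(c / n * math.log2(c / n) for c in Counter(key).values())


def audit_keys(keys, key_len=KEY_LEN, min_distance=32, min_entropy=3.0):
    """Return findings grouped by category.

    min_distance: two independent random 256-bit keys differ in about
    128 +/- 8 bits, so a Hamming distance below 32 is a red flag.
    min_entropy: 32 random bytes typically show ~4.7-5.0 bits/byte;
    below 3.0 indicates heavy byte repetition.
    """
    findings = {"bad_length": [], "duplicates": [],
                "near_duplicates": [], "low_entropy": []}
    parsed = {}
    for dev, hexkey in keys.items():
        raw = bytes.fromhex(hexkey)
        if len(raw) != key_len:
            findings["bad_length"].append(dev)
            continue
        parsed[dev] = raw
        if byte_entropy(raw) < min_entropy:
            findings["low_entropy"].append(dev)
    # Pairwise comparison is O(n^2); fine for a test fleet of a few thousand units.
    for a, b in combinations(sorted(parsed), 2):
        d = hamming_distance(parsed[a], parsed[b])
        if d == 0:
            findings["duplicates"].append((a, b))
        elif d < min_distance:
            findings["near_duplicates"].append((a, b, d))
    return findings


if __name__ == "__main__":
    for kind, items in audit_keys(SAMPLE_KEYS).items():
        print(f"{kind}: {items}")
```

Any hit in the duplicates or near_duplicates lists is strong evidence of a shared or structured key source and should be escalated; an empty report is not evidence that keys are unpredictable, since a key can be perfectly unique per device and still be computable by an attacker who knows the flawed derivation.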

Exploitation status

Public Exploit Available: false

Analyst recommendation

This is a high-severity, hardware-level security concern that cannot be fully mitigated without vendor intervention. Impacted organizations must coordinate closely with Silicon Labs to apply the corrected SDK or firmware, confirm whether existing keys must be regenerated, and restore the integrity of the device's cryptographic operations.