CVE-2026-0115 (GCVE-0-2026-0115)
Vulnerability from cvelistv5 – Published: 2026-03-10 20:46 – Updated: 2026-03-11 14:28
VLAI
Summary
In Trusted Execution Environment, there is a possible key leak due to side channel information disclosure. This could lead to physical information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Information disclosure
- CWE-1300 - Improper Protection of Physical Side Channels
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.android.com/docs/security/bulletin… | vendor-advisory |
| https://source.android.com/docs/security/bulletin… | vendor-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-0115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T14:24:52.277102Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1300",
"description": "CWE-1300 Improper Protection of Physical Side Channels",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T14:28:00.198Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn Trusted Execution Environment, there is a possible key leak due to side channel information disclosure. This could lead to physical information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.\u003c/p\u003e"
}
],
"value": "In Trusted Execution Environment, there is a possible key leak due to side channel information disclosure. This could lead to physical information disclosure with no additional execution privileges needed. User interaction is needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T21:08:53.608Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://source.android.com/docs/security/bulletin/2026/2026-03-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "cvelib 1.7.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2026-0115",
"datePublished": "2026-03-10T20:46:44.416Z",
"dateReserved": "2025-10-23T08:43:11.363Z",
"dateUpdated": "2026-03-11T14:28:00.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-0115",
"date": "2026-06-16",
"epss": "0.0009",
"percentile": "0.00591"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-0115\",\"sourceIdentifier\":\"dsap-vuln-management@google.com\",\"published\":\"2026-03-10T21:16:44.953\",\"lastModified\":\"2026-03-11T17:13:49.327\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Trusted Execution Environment, there is a possible key leak due to side channel information disclosure. This could lead to physical information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.\"},{\"lang\":\"es\",\"value\":\"En Entorno de Ejecuci\u00f3n Confiable, existe una posible fuga de clave debido a la revelaci\u00f3n de informaci\u00f3n por canal lateral. Esto podr\u00eda conducir a la revelaci\u00f3n de informaci\u00f3n f\u00edsica sin necesidad de privilegios de ejecuci\u00f3n adicionales. Se requiere interacci\u00f3n del usuario para su explotaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\",\"baseScore\":2.1,\"baseSeverity\":\"LOW\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.7,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1300\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26\"}]}]}],\"references\":[{\"url\":\"https://source.android.com/docs/security/bulletin/2026/2026-03-01\",\"source\":\"dsap-vuln-management@google.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"affected\": [{\"vendor\": \"Google\", \"product\": \"Android\", \"versions\": [{\"status\": \"affected\", \"version\": \"Android kernel\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://source.android.com/docs/security/bulletin/2026/2026-03-01\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"cvelib 1.7.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Trusted Execution Environment, there is a possible key leak due to side channel information disclosure. This could lead to physical information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIn Trusted Execution Environment, there is a possible key leak due to side channel information disclosure. This could lead to physical information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Information disclosure\"}]}], \"providerMetadata\": {\"orgId\": \"83238938-5644-45f0-9007-c0392bcf6222\", \"shortName\": \"Google_Devices\", \"dateUpdated\": \"2026-03-10T21:08:53.608Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 2.1, \"attackVector\": \"PHYSICAL\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-0115\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-11T14:24:52.277102Z\"}}}], \"references\": [{\"url\": \"https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01\", \"tags\": [\"vendor-advisory\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1300\", \"description\": \"CWE-1300 Improper Protection of Physical Side Channels\"}]}], \"providerMetadata\": {\"shortName\": \"CISA-ADP\", \"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"dateUpdated\": \"2026-03-11T14:26:14.450Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2026-0115\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-10T21:08:53.608Z\", \"dateReserved\": \"2025-10-23T08:43:11.363Z\", \"assignerOrgId\": \"83238938-5644-45f0-9007-c0392bcf6222\", \"datePublished\": \"2026-03-10T20:46:44.416Z\", \"assignerShortName\": \"Google_Devices\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…