CVE-2026-0142 | In iavb_parse_key_data of avb_rsa.c, there is a possible out… | CVSS 3.3 LOW

Description

In iavb_parse_key_data of avb_rsa.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Metadata

CVE ID: CVE-2026-0142
State: PUBLISHED
Assigner: Google_Devices
Reserved: 2025-10-23 08:43 UTC
Published: 2026-06-16 18:51 UTC
Last updated: 2026-06-16 20:52 UTC
Primary CWE: CWE-125
CWE-125 Out-of-bounds Read
Vendor / Product: Google / Android
Sources: cve.org · NVD

Severity & Metrics

3.3 LOW CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
Google	Android	—	Android kernel

Weakness (CWE)

CWE	Source	Description
—	cna	Information disclosure
CWE-125	adp	CWE-125 Out-of-bounds Read
CWE-20	adp	CWE-20 Improper Input Validation

CVSS scores (1)

Score	Severity	Version	Source	Vector
3.3	LOW	3.1	adp	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References (1)

https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01