CWE-1300 – Improper Protection of Physical Side Channels | Common Weakness Enumeration（CWE）

概要

CWE-1300（Improper Protection of Physical Side Channels）は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。

セキュリティへの影響: セキュリティ影響：製品や文脈に依存します。CVE 記録、深刻度、MITRE の説明を参照して優先度を判断してください。

説明

The device does not contain sufficient protection mechanisms to prevent physical side channels from exposing sensitive information due to patterns in physically observable phenomena such as variations in power consumption, electromagnetic emissions (EME), or acoustic emissions.

適用プラットフォーム

種別	名称	クラス	普遍性	OS / CPE
language	—	Not Language-Specific	Undetermined	—
operating_system	—	Not OS-Specific	Undetermined	—
architecture	—	Not Architecture-Specific	Undetermined	—
technology	—	Not Technology-Specific	Undetermined	—

このデータベースの関連 CVE

これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。

CVE	公開	概要
CVE-2026-11289	2026-06-05	Side-channel information leakage in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-11284	2026-06-05	Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Lo…
CVE-2026-11153	2026-06-04	Side-channel information leakage in Forms in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-8562	2026-05-14	Side-channel information leakage in Navigation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium…
CVE-2026-6923	2026-05-14	A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman (ECDH) key.
CVE-2026-8017	2026-05-06	Side-channel information leakage in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-5876	2026-04-08	Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)…
CVE-2026-3929	2026-03-11	Side-channel information leakage in ResourceTiming in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Med…
CVE-2026-0115	2026-03-10	In Trusted Execution Environment, there is a possible key leak due to side channel information disclosure. This could lead to physical information disclosure with no additional execution privileges ne…
CVE-2025-13992	2025-12-03	Side-channel information leakage in Navigation and Loading in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severi…
CVE-2025-11210	2025-11-06	Side-channel information leakage in Tab in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HT…
CVE-2025-11207	2025-11-06	Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medi…
CVE-2025-10890	2025-09-24	Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
CVE-2023-6258	2024-01-30	A security vulnerability has been identified in the pkcs11-provider, which is associated with Public-Key Cryptography Standards (PKCS#11). If exploited successfully, this vulnerability could result in…

旧名称

Improper Protection Against Physical Side Channels (2021-10-28)

コンテンツ投稿

名称: Nicole Fern
組織: Cycuity (originally submitted as Tortuga Logic)
日付: 2020-05-29
バージョン: 4.2

コンテンツの変更履歴

日付	名称	バージョン	重要度	コメント
2021-03-15	CWE Content Team	4.4	—	updated Functional_Areas, Maintenance_Notes
2021-07-20	CWE Content Team	4.5	—	updated Related_Attack_Patterns
2021-10-28	CWE Content Team	4.6	—	updated Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Observed_Examples, References, Relationships, Weakness_Ordinalities
2022-06-28	CWE Content Team	4.8	—	updated Relationships
2022-10-13	CWE Content Team	4.9	—	updated References, Relationships
2023-01-31	CWE Content Team	4.10	—	updated Related_Attack_Patterns
2023-04-27	CWE Content Team	4.11	—	updated References, Relationships
2023-06-29	CWE Content Team	4.12	—	updated Mapping_Notes
2023-10-26	CWE Content Team	4.13	—	updated Demonstrative_Examples, Observed_Examples, References
2025-04-03	CWE Content Team	4.17	—	updated Demonstrative_Examples
2025-09-09	CWE Content Team	4.18	—	updated References, Relationships

貢献

タイプ	名称	日付	コメント
Content	Anders Nordstrom, Alric Althoff	2021-10-11	Provided detection methods, observed examples, and references
Content	Nicole Fern	2021-10-13	Provided detection methods, observed examples, and references
Content	Chen Chen, Rahul Kande, Jeyavijayan Rajendran	2023-06-21	suggested demonstrative example
Content	Shaza Zeitouni, Mohamadreza Rostami, Ahmad-Reza Sadeghi	2023-06-21	suggested demonstrative example