Description
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsa_pkcs1_v1_5_encode() in core/drivers/crypto/crypto_api/acipher/rsassa.c, the amount of padding needed, "PS size", is calculated by subtracting the size of the digest and other fields required for the EMA-PKCS1-v1_5 encoding from the size of the modulus of the key. By selecting a small enough modulus, this subtraction can overflow. The padding is added as a string of 0xFF bytes with a call to memset(), and an underflowed integer will cause the memset() call to overwrite until OP-TEE crashes. This only affects platforms registering RSA acceleration.
Published: 2026-04-24
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

An integer underflow in the padding calculation of the RSASSA EMSA-1_5 encoding routine causes a negative padding size, which is passed to memset and results in an out‑of‑bounds memory overwrite. The exploit triggers a crash of the OP‑TEE Trusted Execution Environment, leading to a denial of service. The vulnerability is a classic integer overflow condition (CWE‑190).

Affected Systems

The flaw is present in OP‑TEE versions 3.8.0 through 4.10 on Arm Cortex‑A platforms that register RSA acceleration. It does not affect other OP‑TEE releases or platforms that do not enable RSA acceleration.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity, yet the EPSS score of < 1% signals a very low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Because the flaw requires triggering RSA operations with a small modulus on a system that supports RSA acceleration, the attack vector is inferred to be local or via an application that performs such operations. If exploited, an attacker can force OP‑TEE to crash but cannot directly compromise data or obtain read/write access to the secure world. The overall risk is moderate to high for environments that rely on OP‑TEE for cryptographic services, but the exploitation probability remains low.

Generated by OpenCVE AI on April 28, 2026 at 05:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OP‑TEE to 4.11.0 or later where the underflow check has been added by the maintainers.
  • If a software upgrade is not immediately possible, disable or remove RSA acceleration support on the affected platform to eliminate the vulnerable code path.
  • Monitor OP‑TEE logs and system stability for crash indicators and consider deploying additional application‑level watchdogs to detect and recover from OP‑TEE failures.

Generated by OpenCVE AI on April 28, 2026 at 05:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Linaro
Linaro op-tee
CPEs cpe:2.3:o:linaro:op-tee:*:*:*:*:*:*:*:*
Vendors & Products Linaro
Linaro op-tee

Mon, 27 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Op-tee
Op-tee op-tee Os
Vendors & Products Op-tee
Op-tee op-tee Os

Sun, 26 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 24 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsa_pkcs1_v1_5_encode() in core/drivers/crypto/crypto_api/acipher/rsassa.c, the amount of padding needed, "PS size", is calculated by subtracting the size of the digest and other fields required for the EMA-PKCS1-v1_5 encoding from the size of the modulus of the key. By selecting a small enough modulus, this subtraction can overflow. The padding is added as a string of 0xFF bytes with a call to memset(), and an underflowed integer will cause the memset() call to overwrite until OP-TEE crashes. This only affects platforms registering RSA acceleration.
Title OP-TEE: RSASSA EMSA- PKCS1-v1_5 underflow in emsa_pkcs1_v1_5_encode()
Weaknesses CWE-190
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Linaro Op-tee
Op-tee Op-tee Os
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-24T19:00:51.713Z

Reserved: 2026-03-23T15:23:42.219Z

Link: CVE-2026-33662

cve-icon Vulnrichment

Updated: 2026-04-24T19:00:15.848Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-24T19:17:09.997

Modified: 2026-04-28T15:48:13.150

Link: CVE-2026-33662

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T06:00:09Z

Weaknesses