Impact
The vulnerability is a Bleichenbacher‑style padding oracle discovered in the Hisilicon HPRE crypto driver of OP‑TEE’s Trusted Execution Environment. The driver’s RSA PKCS#1 v1.5 decryption routine uses a non‑constant‑time memcmp() to verify a label hash, and the routine contains multiple distinguishable error paths. An attacker can exploit these leakages to recover the plaintext of RSA‑encrypted data that uses PKCS#1 v1.5 padding, thereby compromising data confidentiality.
Affected Systems
The flaw affects OP‑TEE version numbers 4.5.0 through 4.10.x in devices that enable the Hisilicon HPRE crypto driver. The affected code resides in the OP‑TEE open‑source OS, commonly run on ARM Cortex‑A cores with TrustZone support. A patch was introduced in version 4.11.0 to eliminate the timing side channel and consolidate error handling, and a workaround is to disable the driver by setting CFG_HISILICON_ACC_V3=n.
Risk and Exploitability
The CVSS 2.5 indicates low overall severity; the vulnerability is not listed in CISA KEV, and the EPSS score is < 1%, suggesting limited exploitation data. The nature of the flaw implies that a local or remote attacker with the capability to invoke the absent RSA decryption routine in the trusted environment would need to observe the observable error paths to conduct a successful padding oracle attack. While the attack surface is constrained to systems that load the Hisilicon HPRE RSA driver, the impact of successfully decrypting sensitive data is significant, potentially exposing secrets stored or processed within the trusted domain.
OpenCVE Enrichment