CVE-2026-40257 in OP-TEE
Summary
by MITRE • 07/06/2026
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.21.0 and prior to version 4.11.0, the ARM Crypto Extensions accelerated SHA-3 implementation has an off-by-one error that can cause a massive heap overflow that corrupts all TEE kernel memory following the hash state. This affects all platforms built with `CFG_CRYPTO_WITH_CE82=y` (ARMv8.2+ with SHA3 Crypto Extensions). Version 4.11.0 contains a patch. As a workaround, disable SHA3 Crypto Extensions with `CFG_CRYPTO_WITH_CE82=n`.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 07/06/2026
The vulnerability resides within the OP-TEE Trusted Execution Environment implementation specifically affecting systems utilizing ARM Crypto Extensions for SHA-3 hashing operations. This issue manifests as an off-by-one error in the cryptographic implementation that fundamentally compromises memory integrity within the TEE kernel. The flaw exists in versions 3.21.0 through 4.10.0 of OP-TEE, where the ARMv8.2+ architecture with SHA3 Crypto Extensions enabled creates a critical heap overflow condition. The vulnerability's impact extends beyond simple data corruption as it allows for complete compromise of TEE kernel memory space, potentially enabling attackers to execute arbitrary code within the secure environment.
The technical implementation flaw stems from improper bounds checking within the SHA-3 algorithm acceleration code path that leverages ARM Crypto Extensions. When processing cryptographic operations with `CFG_CRYPTO_WITH_CE82=y` enabled, the implementation fails to properly account for memory boundaries during hash state management, resulting in one byte of overflow that cascades into corruption of all subsequent kernel memory allocations. This type of vulnerability aligns with CWE-121 Stack-based Buffer Overflow and CWE-787 Out-of-bounds Write categories, representing a classic memory safety issue that can be exploited for privilege escalation.
The operational impact of this vulnerability is severe as it fundamentally undermines the security model of the Trusted Execution Environment. An attacker who can trigger the vulnerable code path gains the ability to corrupt kernel memory structures and potentially execute arbitrary code with elevated privileges within the TEE context. The vulnerability affects all ARMv8.2+ platforms utilizing TrustZone technology, making it particularly concerning for mobile devices, IoT systems, and embedded platforms that rely on OP-TEE for secure operations. The heap overflow creates a persistent threat vector that could be exploited to bypass security boundaries and access sensitive cryptographic keys or data processed within the secure environment.
Mitigation strategies include patching to version 4.11.0 or later where the fix has been implemented, or alternatively disabling the problematic cryptographic extensions through configuration parameter `CFG_CRYPTO_WITH_CE82=n`. The workaround approach effectively removes the vulnerable code path by preventing the use of ARM Crypto Extensions for SHA-3 operations, though this may result in reduced performance for cryptographic operations. From an ATT&CK perspective, this vulnerability maps to T1547.001 Process Injection and T1068 Exploitation for Privilege Escalation, representing a critical attack surface that allows adversaries to compromise the integrity of secure processing environments. Organizations should prioritize patching implementations that have not yet been updated, particularly those running systems with cryptographic workloads that rely on SHA-3 acceleration features.