CVE-2026-41516 in OP-TEEinfo

Summary

by MITRE • 07/06/2026

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA PKCS#1 v1.5 decryption implementation in the Hisilicon HPRE crypto driver uses non-constant-time `memcmp()` for label hash verification and has multiple distinguishable error paths. This creates a Bleichenbacher-style padding oracle that allows an attacker to recover RSA PKCS#1 v1.5 plaintext. Version 4.11.0 contains a patch. As a workaround, disable Hisilicon HPRE RSA driver with `CFG_HISILICON_ACC_V3=n`.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 07/06/2026

The vulnerability exists within the OP-TEE Trusted Execution Environment implementation on Arm Cortex-A processors utilizing TrustZone technology. This security flaw specifically affects versions 4.5.0 through 4.10.9 of the OP-TEE software stack where the Hisilicon HPRE crypto driver implements RSA PKCS#1 v1.5 decryption functionality. The cryptographic implementation suffers from a critical timing side-channel weakness that fundamentally compromises the security guarantees of the encryption protocol.

The technical flaw manifests in the RSA PKCS#1 v1.5 decryption process through the use of non-constant-time memcmp() operations during label hash verification. This implementation pattern creates distinguishable error paths that leak timing information to potential attackers. The vulnerability follows the classic Bleichenbacher padding oracle attack pattern where an attacker can iteratively query the system with carefully crafted ciphertexts and observe response timing variations to deduce the plaintext. This weakness directly violates the principles of constant-time cryptography as defined in CWE-707 and aligns with ATT&CK technique T1211 for exploitation of cryptographic weaknesses.

The operational impact of this vulnerability is severe as it allows remote attackers to perform plaintext recovery attacks against RSA PKCS#1 v1.5 encrypted data. This compromises the confidentiality guarantees that the TEE environment is designed to provide, potentially enabling attackers to access sensitive cryptographic keys, authentication tokens, or other protected data. The vulnerability affects systems using Hisilicon hardware platforms where the HPRE crypto driver is enabled, making it particularly concerning for enterprise and government deployments relying on TrustZone security boundaries.

Mitigation strategies include upgrading to OP-TEE version 4.11.0 or later where the patch addresses the timing side-channel issue by implementing constant-time comparison operations. Organizations can also apply the workaround of disabling the affected driver through the configuration parameter CFG_HISILICON_ACC_V3=n which prevents the vulnerable code path from being executed. This remediation approach aligns with standard security practices for addressing cryptographic side-channel vulnerabilities and follows the principle of least privilege in system configuration management. The vulnerability demonstrates the critical importance of constant-time implementation practices in cryptographic software and the potential for seemingly minor implementation flaws to create significant security risks in trusted execution environments.

Responsible

GitHub M

Reservation

04/20/2026

Disclosure

07/06/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!