CVE-2026-45614: CWE-347: Improper Verification of Cryptographic Signature in OP-TEE optee_os
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By passing approximately 30-40 crafted public keys to OP-TEE, the private key can be reconstructed by a normal world attacker. When calling TEE_DeriveKey the public key is provided with full X and Y values, but the (X, Y) point might not satisfy the `Y^2 == X^3 + aX + b mod P` math for the specific curve that is used. When those public keys aren't rejected, the attacker can select public keys such that each DeriveKey call will leak `d % r` where `d` is the private key and `r` comes from the relationship between the correct curve and the attacker selected curve. With enough leaked data the Chinese remainder theorem can be used to recover the full private key. Version 4.11.0 fixes the issue.
AI Analysis
Technical Summary
OP-TEE's optee_os versions before 4.11.0 contain an improper verification of cryptographic signatures (CWE-347) in ECDH shared secret derivation. Specifically, the public key points (X, Y) provided during TEE_DeriveKey calls are not checked to confirm they satisfy the elliptic curve equation for the expected curve. An attacker can supply approximately 30-40 specially crafted public keys that do not lie on the correct curve, causing leakage of partial private key information (d % r) with each call. Using these leaked residues and the Chinese remainder theorem, the attacker can reconstruct the full private key. This vulnerability compromises the confidentiality of private keys used in OP-TEE's cryptographic operations. Version 4.11.0 of optee_os addresses this by properly verifying public keys.
Potential Impact
An attacker with the ability to invoke TEE_DeriveKey and supply crafted public keys can recover the private key used in elliptic curve cryptography within OP-TEE. This compromises the confidentiality of cryptographic keys, potentially undermining the security guarantees of the Trusted Execution Environment. The vulnerability does not affect integrity or availability directly and requires local attacker privileges with low user privileges and high attack complexity. There are no known exploits in the wild as of the published date.
Mitigation Recommendations
Upgrade OP-TEE optee_os to version 4.11.0 or later, where the issue is fixed by proper verification of public keys on the correct elliptic curve. Since no official patch links or vendor advisory are provided, confirm the upgrade path from OP-TEE project resources. Patch status is not yet confirmed beyond the version fix note; check the OP-TEE vendor advisory for current remediation guidance.
CVE-2026-45614: CWE-347: Improper Verification of Cryptographic Signature in OP-TEE optee_os
Description
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By passing approximately 30-40 crafted public keys to OP-TEE, the private key can be reconstructed by a normal world attacker. When calling TEE_DeriveKey the public key is provided with full X and Y values, but the (X, Y) point might not satisfy the `Y^2 == X^3 + aX + b mod P` math for the specific curve that is used. When those public keys aren't rejected, the attacker can select public keys such that each DeriveKey call will leak `d % r` where `d` is the private key and `r` comes from the relationship between the correct curve and the attacker selected curve. With enough leaked data the Chinese remainder theorem can be used to recover the full private key. Version 4.11.0 fixes the issue.
CVSS v3.1
Score 4.7medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
OP-TEE's optee_os versions before 4.11.0 contain an improper verification of cryptographic signatures (CWE-347) in ECDH shared secret derivation. Specifically, the public key points (X, Y) provided during TEE_DeriveKey calls are not checked to confirm they satisfy the elliptic curve equation for the expected curve. An attacker can supply approximately 30-40 specially crafted public keys that do not lie on the correct curve, causing leakage of partial private key information (d % r) with each call. Using these leaked residues and the Chinese remainder theorem, the attacker can reconstruct the full private key. This vulnerability compromises the confidentiality of private keys used in OP-TEE's cryptographic operations. Version 4.11.0 of optee_os addresses this by properly verifying public keys.
Potential Impact
An attacker with the ability to invoke TEE_DeriveKey and supply crafted public keys can recover the private key used in elliptic curve cryptography within OP-TEE. This compromises the confidentiality of cryptographic keys, potentially undermining the security guarantees of the Trusted Execution Environment. The vulnerability does not affect integrity or availability directly and requires local attacker privileges with low user privileges and high attack complexity. There are no known exploits in the wild as of the published date.
Mitigation Recommendations
Upgrade OP-TEE optee_os to version 4.11.0 or later, where the issue is fixed by proper verification of public keys on the correct elliptic curve. Since no official patch links or vendor advisory are provided, confirm the upgrade path from OP-TEE project resources. Patch status is not yet confirmed beyond the version fix note; check the OP-TEE vendor advisory for current remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-12T20:31:43.448Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a207a8be29bf47b50dc5166
Added to database: 6/3/2026, 7:03:39 PM
Last enriched: 6/3/2026, 7:19:04 PM
Last updated: 6/4/2026, 6:23:17 AM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.