RSA-OAEP Decryption Vulnerability in OP-TEE Trusted Execution Environment
CVE-2026-41515
2.5LOW
What is CVE-2026-41515?
The OP-TEE Trusted Execution Environment contains a vulnerability in its RSA-OAEP decryption implementation prior to version 4.11.0. In versions 3.9.0 through 4.10.0, the NXP CAAM crypto driver employs a non-constant-time memcmp() during label hash verification, resulting in multiple distinguishable error paths. This flaw enables attackers to exploit a padding oracle attack, allowing them to recover RSA-OAEP plaintext through approximately 1000-2000 adaptive chosen ciphertext queries. Users are advised to upgrade to version 4.11.0 or disable the NXP CAAM RSA driver as a temporary workaround.
Affected Version(s)
optee_os >= 3.9.0, < 4.11.0
