RSA-OAEP Decryption Vulnerability in OP-TEE Trusted Execution Environment
CVE-2026-41515

2.5LOW

Key Information:

Vendor

Op-tee

Status
Vendor
CVE Published:
6 July 2026

What is CVE-2026-41515?

The OP-TEE Trusted Execution Environment contains a vulnerability in its RSA-OAEP decryption implementation prior to version 4.11.0. In versions 3.9.0 through 4.10.0, the NXP CAAM crypto driver employs a non-constant-time memcmp() during label hash verification, resulting in multiple distinguishable error paths. This flaw enables attackers to exploit a padding oracle attack, allowing them to recover RSA-OAEP plaintext through approximately 1000-2000 adaptive chosen ciphertext queries. Users are advised to upgrade to version 4.11.0 or disable the NXP CAAM RSA driver as a temporary workaround.

Affected Version(s)

optee_os >= 3.9.0, < 4.11.0

References

CVSS V3.1

Score:
2.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.