Vulnerability in Hisilicon HPRE Crypto Driver of OP-TEE on Arm Processors
CVE-2026-41516
2.5LOW
What is CVE-2026-41516?
The Hisilicon HPRE crypto driver in OP-TEE has a vulnerability in its RSA PKCS#1 v1.5 decryption implementation that allows attackers to exploit timing discrepancies and distinguish error paths. This weakness could enable an attacker to recover plaintext data through a Bleichenbacher-style padding oracle attack. The issue affects versions from 4.5.0 to 4.10.0, with a patch introduced in version 4.11.0. Users are advised to disable the Hisilicon HPRE RSA driver as a temporary mitigation.
Affected Version(s)
optee_os >= 4.5.0, < 4.11.0
