Vulnerability in Hisilicon HPRE Crypto Driver of OP-TEE on Arm Processors
CVE-2026-41516

2.5LOW

Key Information:

Vendor

Op-tee

Status
Vendor
CVE Published:
6 July 2026

What is CVE-2026-41516?

The Hisilicon HPRE crypto driver in OP-TEE has a vulnerability in its RSA PKCS#1 v1.5 decryption implementation that allows attackers to exploit timing discrepancies and distinguish error paths. This weakness could enable an attacker to recover plaintext data through a Bleichenbacher-style padding oracle attack. The issue affects versions from 4.5.0 to 4.10.0, with a patch introduced in version 4.11.0. Users are advised to disable the Hisilicon HPRE RSA driver as a temporary mitigation.

Affected Version(s)

optee_os >= 4.5.0, < 4.11.0

References

CVSS V3.1

Score:
2.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.