Security Advisories

On this page we list all known security vulnerabilities found in OP-TEE. You will also find when each issue was fixed and who reported it.

If you have found a security issue in OP-TEE, please send us an email (see About) and then someone from the team will contact you for further discussion. The initial email doesn't have to contain any details.

December 2016

RSA key leakage after fault injection attack

Description

We are currently investigating this issue and working with Applus Laboratories to understand it and how to fix it. We will update this entry as soon as we know more about the issue.

| Reported by | CVE ID | OP-TEE ID | Affected versions |
| --- | --- | --- | --- |
| Applus Laboratories | N/A | OP-TEE-2016-0003 | All current versions |

RSA key leakage after side channel attacks

Description

We are currently investigating this issue and working with Applus Laboratories to understand it and how to fix it. We will update this entry as soon as we know more about the issue.

| Reported by | CVE ID | OP-TEE ID | Affected versions |
| --- | --- | --- | --- |
| Applus Laboratories | N/A | OP-TEE-2016-0002 | All current versions |

June 2016

Bleichenbacher signature forgery attack

Description

A vulnerability in the OP-TEE project was found by Intel Security Advanced Threat Research in June 2016. It appeared that OP-TEE was vulnerable to a Bleichenbacher signature forgery attack.

The problem lies in the LibTomCrypt code in OP-TEE, which neglects to check that the message length is equal to the ASN.1 encoded data length. Upstream LibTomCrypt already had a fix, along with a test case verifying that the fix resolved the issue.

The fixes from upstream LibTomCrypt have been cherry-picked into OP-TEE. The fix for the TEE core can be found upstream in this patch, and a test case has been added to the OP-TEE test suite, which can also be found upstream in this patch.
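The length check described above, shown as an added C example that is not code from OP-TEE or LibTomCrypt: in lax mode the verifier ignores bytes that follow the ASN.1 structure, in strict mode it requires the message length to equal the encoded length. The function names, the `strict` flag and the sample data are assumptions made for this example, and it assumes a SHA-256 DigestInfo with a short-form DER length.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HASH_LEN 32
/* DER header of a SHA-256 DigestInfo (RFC 8017, section 9.2). */
static const uint8_t SHA256_PREFIX[19] = {
    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
    0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

/* msg: PKCS#1 v1.5 block with the 00 01 FF..FF 00 padding already removed.
 * Returns 1 if it is a DigestInfo for `hash`, 0 otherwise.
 * strict == 0 reproduces the missing check: trailing bytes are ignored. */
static int check_digestinfo(const uint8_t *msg, size_t msg_len,
                            const uint8_t *hash, int strict)
{
    size_t der_len;

    if (msg_len < 2 || msg[0] != 0x30 || (msg[1] & 0x80))
        return 0;                     /* need SEQUENCE with short-form length */
    der_len = 2 + (size_t)msg[1];     /* header plus encoded content length */
    if (der_len != sizeof(SHA256_PREFIX) + HASH_LEN || der_len > msg_len)
        return 0;
    if (strict && der_len != msg_len) /* message length must equal DER length */
        return 0;
    if (memcmp(msg, SHA256_PREFIX, sizeof(SHA256_PREFIX)) != 0)
        return 0;
    return memcmp(msg + sizeof(SHA256_PREFIX), hash, HASH_LEN) == 0;
}

/* Constructed sample: valid DigestInfo followed by `extra` trailing bytes. */
static int demo(size_t extra, int strict)
{
    uint8_t hash[HASH_LEN], msg[sizeof(SHA256_PREFIX) + HASH_LEN + 16] = {0};
    if (extra > 16)
        return -1;
    memset(hash, 0xab, sizeof(hash));            /* stand-in digest value */
    memcpy(msg, SHA256_PREFIX, sizeof(SHA256_PREFIX));
    memcpy(msg + sizeof(SHA256_PREFIX), hash, HASH_LEN);
    return check_digestinfo(msg, sizeof(SHA256_PREFIX) + HASH_LEN + extra,
                            hash, strict);
}

int main(void)
{
    printf("exact length:   lax=%d strict=%d\n", demo(0, 0), demo(0, 1));
    printf("trailing bytes: lax=%d strict=%d\n", demo(8, 0), demo(8, 1));
    return 0;
}
```

A regression test for a verifier of this kind should include at least one input whose DigestInfo is well formed but followed by extra bytes, and assert that it is rejected.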

| Reported by | CVE ID | OP-TEE ID | Affected versions |
| --- | --- | --- | --- |
| Intel Security Advanced Threat Research | CVE-2016-6129 | OP-TEE-2016-0001 | All versions prior to OP-TEE v2.2.0 (fixed in OP-TEE v2.2.0) |