CVE-2026-33662
Published: 24 April 2026
Summary
CVE-2026-33662 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Linaro OP-TEE. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 25.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-2 requires timely identification, reporting, and correction of flaws such as this integer overflow in OP-TEE's RSA padding function, directly mitigating the vulnerability through patching.
SI-10 mandates validation of information inputs like RSA key modulus sizes to prevent underflow from small moduli triggering excessive memset overwrites.
SI-11 ensures error handling in cryptographic operations does not lead to system crashes from integer underflow, maintaining availability despite malformed inputs.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The integer underflow in OP-TEE's RSA encoding function allows remote unauthenticated attackers to trigger a crash via crafted RSA key, directly enabling application/system exploitation for denial of service.
NVD Description
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsa_pkcs1_v1_5_encode() in core/drivers/crypto/crypto_api/acipher/rsassa.c, the amount of padding needed, "PS size", is calculated by subtracting the size of the digest and other fields required for the EMSA-PKCS1-v1_5 encoding from the size of the modulus of the key. By selecting a small enough modulus, this subtraction can overflow. The padding is added as a string of 0xFF bytes with a call to memset(), and an underflowed integer will cause the memset() call to overwrite until OP-TEE crashes. This only affects platforms registering RSA acceleration.
Deeper analysis
CVE-2026-33662 is an integer overflow vulnerability (CWE-190) in OP-TEE, a Trusted Execution Environment designed to accompany a non-secure Linux kernel on Arm Cortex-A cores utilizing TrustZone technology. The issue affects versions 3.8.0 through 4.10 and is located in the emsa_pkcs1_v1_5_encode() function within core/drivers/crypto/crypto_api/acipher/rsassa.c. There, the padding size ("PS size") is computed by subtracting the digest size and other fixed fields from the RSA key's modulus size; a sufficiently small modulus causes this subtraction to overflow, resulting in an underflowed value passed to memset() for padding with 0xFF bytes. This triggers excessive memory overwrites, crashing OP-TEE. The flaw only impacts platforms that register RSA acceleration.
With a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), the vulnerability enables remote attackers with network access to exploit it without authentication, privileges, or user interaction. By supplying a crafted RSA key featuring a small modulus during an RSA operation that invokes the vulnerable encoding function, an attacker can induce the integer underflow, leading to OP-TEE denial of service via crash and potential disruption of secure operations.
Mitigation details are available in the OP-TEE GitHub security advisory at https://github.com/OP-TEE/optee_os/security/advisories/GHSA-4cf8-v5g3-73gr.
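The PS-size computation described above, as an added example in C (not OP-TEE's code and not the project's patch): the unchecked unsigned subtraction next to a version that applies the RFC 8017 emLen >= tLen + 11 check before calling memset(). The function names and the sample sizes (a 51-byte SHA-256 DigestInfo, a 32-byte modulus) are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Unchecked form of the computation the advisory describes: the operands are
 * unsigned, so a modulus shorter than t_len + 3 wraps to a huge length. */
size_t ps_len_unchecked(size_t mod_len, size_t t_len)
{
    return mod_len - t_len - 3;
}

/* Checked form: RFC 8017 section 9.2 requires emLen >= tLen + 11, i.e.
 * 0x00 0x01 PS 0x00 T with at least 8 bytes of PS. Returns 0 on success. */
int ps_len_checked(size_t mod_len, size_t t_len, size_t *ps_len)
{
    if (t_len > SIZE_MAX - 11 || mod_len < t_len + 11)
        return -1; /* intended encoded message length too short */
    *ps_len = mod_len - t_len - 3;
    return 0;
}

/* Hypothetical encoder (not OP-TEE's function): fills em[0..mod_len) with
 * 00 01 FF..FF 00 T, and touches em only after the length check passed. */
int emsa_encode_checked(uint8_t *em, size_t mod_len,
                        const uint8_t *t, size_t t_len)
{
    size_t ps_len = 0;

    if (!em || !t || ps_len_checked(mod_len, t_len, &ps_len))
        return -1;
    em[0] = 0x00;
    em[1] = 0x01;
    memset(em + 2, 0xFF, ps_len);
    em[2 + ps_len] = 0x00;
    memcpy(em + 3 + ps_len, t, t_len);
    return 0;
}

int main(void)
{
    /* Constructed sizes: 51-byte SHA-256 DigestInfo, 32-byte modulus. */
    uint8_t em[32], t[51] = { 0 };

    printf("unchecked PS length: %zu\n", ps_len_unchecked(32, 51));
    printf("checked encode rc:   %d\n", emsa_encode_checked(em, 32, t, 51));
    return 0;
}
```

The unchecked length is only computed and printed here, never passed to memset(); the checked encoder rejects the undersized modulus before any write to the output buffer.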
Details
- CWE(s)