CVE-2026-33662

/* * PoC Concept for CVE-2026-33662 * This demonstrates the logic error leading to integer underflow. */ #include <stdio.h> #include <string.h> #include <stdint.h> // Simulating the vulnerable function logic void vulnerable_encode(size_t modulus_size, size_t digest_size) { printf("Modulus size: %zu, Digest size: %zu\n", modulus_size, digest_size); // The vulnerable calculation: (modulus_size - 3 - digest_size - 8) // If modulus_size is small enough, this underflows size_t ps_size = modulus_size - 11 - digest_size; printf("Calculated PS size: %zu\n", ps_size); if (ps_size > 1024) { printf("[!] Integer underflow detected! PS size is huge.\n"); printf("[!] Calling memset with this size will cause a crash/DoS.\n"); // In the real vulnerability, this memset crashes the TEE // memset(buffer, 0xFF, ps_size); } else { printf("[-] PS size is normal.\n"); } } int main() { // Normal scenario printf("--- Normal Case ---\n"); vulnerable_encode(2048, 32); // Exploit scenario: Using a very small modulus // This causes (64 - 11 - 32) to underflow if types are not handled, // or simply demonstrates the boundary condition. // In the actual bug, the subtraction results in a massive number. printf("\n--- Exploit Case (Small Modulus) ---\n"); // Assuming a context where modulus size is smaller than required overhead + digest vulnerable_encode(40, 32); return 0; }

{"cve": {"id": "CVE-2026-33662", "sourceIdentifier": "[email protected]", "published": "2026-04-24T19:17:09.997", "lastModified": "2026-04-28T15:48:13.150", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsa_pkcs1_v1_5_encode() in core/drivers/crypto/crypto_api/acipher/rsassa.c, the amount of padding needed, \"PS size\", is calculated by subtracting the size of the digest and other fields required for the EMA-PKCS1-v1_5 encoding from the size of the modulus of the key. By selecting a small enough modulus, this subtraction can overflow. The padding is added as a string of 0xFF bytes with a call to memset(), and an underflowed integer will cause the memset() call to overwrite until OP-TEE crashes. This only affects platforms registering RSA acceleration."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-190"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linaro:op-tee:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.8.0", "versionEndIncluding": "4.10.0", "matchCriteriaId": "E5C1ECB7-B91B-4E11-8C78-951865EF01E0"}]}]}], "references": [{"url": "https://github.com/OP-TEE/optee_os/security/advisories/GHSA-4cf8-v5g3-73gr", "source": "[email protected]", "tags": ["Vendor Advisory", "Patch"]}]}}