Op Tee · Op-Tee · CVE-2023-41325
**Name of the Vulnerable Software and Affected Versions**
OP-TEE versions 3.20 through 3.21
**Description**
OP-TEE is a Trusted Execution Environment (TEE) designed as a companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. The issue arises in the `shdr_verify_signature` function, which verifies the signature of a Trusted Application (TA) binary before it is loaded. To verify a signature, memory for an RSA public key is allocated with the `sw_crypto_acipher_alloc_rsa_public_key` function, which draws from OP-TEE's heap. The RSA key consists of an exponent and a modulus, held in the fields `e` and `n`. The two allocations are not atomic: the allocation of `e` may succeed while the allocation of `n` fails. In that case `sw_crypto_acipher_alloc_rsa_public_key` frees the memory allocated for `e` and returns an allocation failure, but `e` still holds the address of the already freed memory. `shdr_verify_signature` then frees that memory a second time on its error path, resulting in a double free. A patch is available in version 3.22.
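The failure mode described above, as an added example that is not OP-TEE's own code: a two-field key whose second allocation fails, a cleanup routine that frees the first field without clearing the pointer, and a caller that unconditionally runs its free routine on the error path. All names (`alloc_rsa_pubkey_vuln`, `alloc_rsa_pubkey_fixed`, `verify_with`, `bn_alloc`, `bn_free`, `bn_free_clear`) are hypothetical stand-ins for the OP-TEE functions named in the description, and the allocator is a constructed tracking heap that counts a second free of a stale pointer instead of handing it to `free()`, so the program runs without corrupting the real heap. The fixed variant shows the general remedy of freeing through a pointer-to-pointer that nulls the field.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for an RSA public key: exponent e and modulus n. */
struct bignum;
struct rsa_public_key {
	struct bignum *e;
	struct bignum *n;
};

#define TEE_SUCCESS             0u
#define TEE_ERROR_OUT_OF_MEMORY 0xFFFF000Cu

/* Tracking heap (constructed for this example): remembers live pointers so
 * that a free of an already-freed pointer is counted, not performed. */
#define MAX_LIVE 16
static void *live[MAX_LIVE];
static int fail_on_alloc;    /* 0-based index of the allocation that fails, -1 = none */
static int alloc_count;
static int double_free_count;

static void heap_reset(int fail_idx)
{
	for (int i = 0; i < MAX_LIVE; i++) {
		free(live[i]);
		live[i] = NULL;
	}
	fail_on_alloc = fail_idx;
	alloc_count = 0;
	double_free_count = 0;
}

/* Number of allocations still outstanding (leak check). */
int live_count(void)
{
	int cnt = 0;
	for (int i = 0; i < MAX_LIVE; i++)
		cnt += live[i] != NULL;
	return cnt;
}

static struct bignum *bn_alloc(size_t bits)
{
	if (alloc_count++ == fail_on_alloc)
		return NULL;                 /* injected heap exhaustion */
	void *p = malloc(bits / 8 + 1);
	for (int i = 0; i < MAX_LIVE; i++) {
		if (!live[i]) {
			live[i] = p;
			return p;
		}
	}
	free(p);
	return NULL;
}

/* Plain free: like a free routine that leaves the caller's pointer untouched. */
static void bn_free(struct bignum *bn)
{
	if (!bn)
		return;
	for (int i = 0; i < MAX_LIVE; i++) {
		if (live[i] == bn) {
			live[i] = NULL;
			free(bn);
			return;
		}
	}
	double_free_count++;             /* stale pointer freed a second time */
}

/* Hardened free: takes the address of the field and clears it after freeing. */
static void bn_free_clear(struct bignum **bn)
{
	bn_free(*bn);
	*bn = NULL;
}

/* Vulnerable pattern: on failure of n, e is freed but the field still
 * holds the dangling address. */
uint32_t alloc_rsa_pubkey_vuln(struct rsa_public_key *k, size_t bits)
{
	memset(k, 0, sizeof(*k));
	k->e = bn_alloc(bits);
	if (!k->e)
		return TEE_ERROR_OUT_OF_MEMORY;
	k->n = bn_alloc(bits);
	if (!k->n) {
		bn_free(k->e);                /* k->e now dangles */
		return TEE_ERROR_OUT_OF_MEMORY;
	}
	return TEE_SUCCESS;
}

/* Fixed pattern: the partial-allocation cleanup nulls the field it frees. */
uint32_t alloc_rsa_pubkey_fixed(struct rsa_public_key *k, size_t bits)
{
	memset(k, 0, sizeof(*k));
	k->e = bn_alloc(bits);
	if (!k->e)
		return TEE_ERROR_OUT_OF_MEMORY;
	k->n = bn_alloc(bits);
	if (!k->n) {
		bn_free_clear(&k->e);        /* k->e is NULL afterwards */
		return TEE_ERROR_OUT_OF_MEMORY;
	}
	return TEE_SUCCESS;
}

/* Caller cleanup, as a verify routine's error path would run it. */
static void free_rsa_pubkey(struct rsa_public_key *k)
{
	bn_free(k->e);
	bn_free(k->n);
}

/* Skeleton of a verify routine: allocate, (verify), always clean up. */
static uint32_t verify_with(uint32_t (*alloc)(struct rsa_public_key *, size_t))
{
	struct rsa_public_key key = { 0 };
	uint32_t res = alloc(&key, 2048);
	if (res)
		goto out;
	/* signature verification would use key.e and key.n here */
out:
	free_rsa_pubkey(&key);
	return res;
}

/* Double frees observed when the second bignum allocation (n) fails. */
int double_frees_when_n_fails(bool fixed)
{
	heap_reset(1);
	verify_with(fixed ? alloc_rsa_pubkey_fixed : alloc_rsa_pubkey_vuln);
	return double_free_count;
}

/* Outstanding allocations after a successful verify (should be zero). */
int leaks_after_success(bool fixed)
{
	heap_reset(-1);
	verify_with(fixed ? alloc_rsa_pubkey_fixed : alloc_rsa_pubkey_vuln);
	return live_count();
}

int main(void)
{
	return double_frees_when_n_fails(false) == 1 &&
	       double_frees_when_n_fails(true) == 0 ? 0 : 1;
}
```

The injected failure at allocation index 1 reproduces exactly the ordering in the description: `e` succeeds, `n` fails. With the vulnerable allocator the caller's cleanup frees `e` a second time; with the fixed allocator the field is NULL and the cleanup is a no-op. The same two functions run clean on the success path, so the fix does not introduce a leak.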
**Recommendations**
For OP-TEE versions 3.20 through 3.21, update to version 3.22 to resolve the issue.
At the moment, there are no known workarounds available for these versions.