
Zidel

#50292 of 53,624
4.7 Total CVSS
Vulnerabilities · 1
PT-2026-46045
4.7
2026-06-03
Op Tee · Op-Tee · CVE-2026-45614
**Name of the Vulnerable Software and Affected Versions**
OP-TEE versions prior to 4.11.0

**Description**
OP-TEE is a Trusted Execution Environment designed as a companion to a non-secure Linux kernel running on Arm Cortex-A cores using TrustZone technology. In several ECDH shared secret paths, the public key is not verified to be a point on the correct curve. When `TEE_DeriveKey()` is called, the public key is supplied as X and Y values that may not satisfy the curve equation `Y^2 == X^3 + aX + b mod P` for the specific curve in use.

An attacker in the normal world can provide 30-40 crafted public keys to leak `d % r`, where `d` is the private key and `r` is derived from the relationship between the correct curve and the attacker-selected curve. The full private key can then be reconstructed using the Chinese remainder theorem, a mathematical method for solving systems of simultaneous congruences with different moduli.

**Recommendations**
Update to version 4.11.0.
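
The missing check described above, written out as an added example (not OP-TEE's code and not taken from the fix in 4.11.0). It assumes NIST P-256, since the advisory does not name a curve, and the function names `validate_peer_public_key` and `check` are hypothetical.

```python
# Added example: validate a peer's affine public key before it reaches ECDH.
# Assumption: NIST P-256; these are its standard domain parameters.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
COORD_LEN = 32  # bytes per coordinate on P-256


class InvalidPublicKey(ValueError):
    """Raised when a peer public key must not be used for key derivation."""


def validate_peer_public_key(x_bytes: bytes, y_bytes: bytes) -> tuple:
    """Return (x, y) as integers, or raise InvalidPublicKey."""
    if len(x_bytes) != COORD_LEN or len(y_bytes) != COORD_LEN:
        raise InvalidPublicKey("coordinate length")
    x = int.from_bytes(x_bytes, "big")
    y = int.from_bytes(y_bytes, "big")
    # Coordinates must be canonical field elements; unreduced values are rejected.
    if x >= P or y >= P:
        raise InvalidPublicKey("coordinate out of range")
    # The curve equation from the advisory: Y^2 == X^3 + aX + b (mod P).
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        raise InvalidPublicKey("point not on curve")
    return x, y


def check(x: int, y: int) -> str:
    """Hypothetical demo helper: 'ok' or the rejection reason."""
    try:
        validate_peer_public_key(x.to_bytes(COORD_LEN, "big"),
                                 y.to_bytes(COORD_LEN, "big"))
        return "ok"
    except InvalidPublicKey as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed inputs: the generator, its negation, and three bad keys.
    for name, (x, y) in {"G": (GX, GY), "-G": (GX, P - GY),
                         "off-curve": (GX, (GY + 1) % P),
                         "unreduced x": (P, GY), "(0, 0)": (0, 0)}.items():
        print(f"{name:12s} {check(x, y)}")
```

P-256 has cofactor 1, so an in-range affine point that satisfies the equation is already in the correct group; curves with a larger cofactor need an additional subgroup check.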