CVE-2026-33662

Name of the Vulnerable Software and Affected Versions OP-TEE versions 3.8.0 through 4.10

Description An integer underflow occurs in the emsa pkcs1 v1 5 encode() function within the core/drivers/crypto/crypto api/acipher/rsassa.c file. The issue arises when calculating the padding size (PS size) by subtracting the digest size and other required EMA-PKCS1-v1 5 encoding fields from the key modulus size. If a sufficiently small modulus is selected, the subtraction overflows, leading to a memset() call that overwrites memory until the system crashes. This issue specifically affects platforms that register RSA acceleration.

Recommendations Update OP-TEE to a version later than 4.10.