Source: optee-os Version: 4.10.0-1 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for optee-os. CVE-2026-45614[0]: | OP-TEE is a Trusted Execution Environment (TEE) designed as | companion to a non-secure Linux kernel running on Arm; Cortex-A | cores using the TrustZone technology. Prior to version 4.11.0, on | many of the ECDH shared secret paths, the public key isn't verified | to be a point on the correct curve. By passing approximately 30-40 | crafted public keys to OP-TEE, the private key can be reconstructed | by a normal world attacker. When calling TEE_DeriveKey the public | key is provided with full X and Y values, but the (X, Y) point might | not satisfy the `Y^2 == X^3 + aX + b mod P` math for the specific | curve that is used. When those public keys aren't rejected, the | attacker can select public keys such that each DeriveKey call will | leak `d % r` where `d` is the private key and `r` comes from the | relationship between the correct curve and the attacker selected | curve. With enough leaked data the Chinese remainder theorem can be | used to recover the full private key. Version 4.11.0 fixes the | issue. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2026-45614 https://www.cve.org/CVERecord?id=CVE-2026-45614 [1] https://github.com/OP-TEE/optee_os/security/advisories/GHSA-g6qf-hwf7-mg9h Please adjust the affected versions in the BTS as needed. Regards, Salvatore
