Severity by source
AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Local low-privilege TEE invocation required; when >512 MB threshold is met, AES-GCM integrity guarantee is fully defeated (I:H), not merely degraded; S:C retained as TEE secure-world impact crosses to REE.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.0.0 and prior to version 4.11.0, 32-bit integer overflows in OP-TEE core's AES-GCM implementation cause the authentication tag to be computed with incorrect bit-length values after processing more than 512 megabytes of payload or Additional Authenticated Data (AAD). Version 4.11.0 contains a patch. No known workarounds are available.
AnalysisAI
Integer overflow in OP-TEE OS's AES-GCM implementation silently corrupts authentication tag computation when a single operation processes more than 512 megabytes of payload or Additional Authenticated Data (AAD), affecting all deployments running versions 3.0.0 through 4.10.x on Arm TrustZone platforms. The overflow causes the GHASH length counters to wrap, meaning the GCM authentication tag is derived from incorrect bit-length values - defeating AES-GCM's core integrity guarantee without any runtime error or exception. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that a single AES-GCM operation within OP-TEE processes more than 512 megabytes (2^32 bits) of payload data or Additional Authenticated Data (AAD) - this is the specific threshold at which 32-bit integer counters overflow. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor-assigned CVSS 3.0 base score of 3.8 (Low) with vector AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N reflects the local attack surface and limited integrity impact designation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A Trusted Application or REE process passes a single AES-GCM encryption or decryption call to OP-TEE with more than 512 MB of payload or AAD data. The internal 32-bit bit-length counter silently overflows during GHASH computation, causing the final authentication tag to be derived from an incorrect length value. … |
| Remediation | Upgrade OP-TEE OS to version 4.11.0 or later, which contains the vendor-confirmed patch for this integer overflow. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Subkey rollback protection in OP-TEE OS versions 3.20.0 through 4.10.x is completely non-functional due to a missing fie
Heap overflow in OP-TEE's ARM Crypto Extensions SHA-3 implementation corrupts TEE kernel memory across all platforms bui
Heap exhaustion in OP-TEE OS (versions 3.3.0 through 4.10.x) allows a low-privileged normal-world local caller to progre
Stack exhaustion via unbounded recursion in the OP-TEE PKCS#11 Trusted Application allows a local low-privileged user to
RSA PKCS#1 v1.5 decryption in OP-TEE's Hisilicon HPRE hardware accelerator driver exposes a Bleichenbacher-style padding
RSA-OAEP decryption in OP-TEE OS versions 4.5.0 through 4.10.x exposes a Manger-style padding oracle via the Hisilicon H
RSA-OAEP decryption in OP-TEE OS versions 3.9.0 through 4.10.x exposes a Manger-style padding oracle via the NXP CAAM ha
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Integer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41912