CVE-2026-45614
Insufficient Public Key Validation in OP-TEE ECDH Key Derivation
Publication date: 2026-06-03
Last updated on: 2026-06-03
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| op-tee | op-tee | to 4.11.0 (inc) |
| op-tee | op-tee | to 4.11.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-45614 is a vulnerability in OP-TEE versions prior to 4.11.0 where the public key used in Elliptic Curve Diffie-Hellman (ECDH) shared secret paths is not properly verified to be a valid point on the correct elliptic curve.
An attacker in the normal world can pass about 30-40 specially crafted public keys to OP-TEE. Because these keys are not checked for validity, each call to the TEE_DeriveKey function leaks partial information about the private key.
By collecting enough leaked data, mathematical techniques like the Chinese remainder theorem can be used to reconstruct the full private key.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows an attacker to reconstruct private keys by exploiting improper validation of public keys in OP-TEE's ECDH implementation. Such a compromise of cryptographic keys can lead to unauthorized access to sensitive data or systems.
Since standards like GDPR and HIPAA require strong protection of personal and sensitive data, including the use of secure cryptographic methods to ensure confidentiality and integrity, this vulnerability could negatively impact compliance by weakening the security guarantees of cryptographic operations.
Organizations relying on affected versions of OP-TEE might face increased risk of data breaches or unauthorized data exposure, which could lead to violations of these regulations if not properly mitigated or patched.
How can this vulnerability impact me? :
This vulnerability can allow an attacker with low privileges and no user interaction to recover the private key used in OP-TEE's ECDH operations.
With the private key compromised, the attacker could potentially decrypt sensitive data, impersonate trusted entities, or bypass security mechanisms relying on the confidentiality of that key.
The attack complexity is high, but successful exploitation could lead to a significant confidentiality breach.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by verifying if the OP-TEE version in use is prior to 4.11.0, as those versions do not properly validate public keys on the correct elliptic curve in ECDH shared secret paths.
Detection may also involve checking for the presence of crafted public keys being passed to the TEE_DeriveKey function, which could be done by monitoring calls to this function or analyzing logs for unusual key derivation requests.
However, no specific detection commands are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading OP-TEE to version 4.11.0 or later, where the public key validation issue has been fixed.
Additional mitigations involve implementing public key validation within Trusted Applications (TAs), using compressed points for public keys, or employing hardware-based checks to ensure the validity of public keys.