CVE-2026-41514
Received Received - Intake

RSA-OAEP Padding Oracle in OP-TEE Hisilicon HPRE Driver

Vulnerability report for CVE-2026-41514, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-06

Last updated on: 2026-07-06

Assigner: GitHub, Inc.

Description

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA-OAEP decryption implementation in the Hisilicon HPRE crypto driver uses non-constant-time `memcmp()` for label hash verification and has multiple distinguishable error paths. This creates a Manger-style padding oracle that allows an attacker to recover RSA-OAEP plaintext with approximately 1000-2000 adaptive chosen ciphertext queries. Only affects plat-d06 with `CFG_HISILICON_ACC_V3=y`, which seems to be disabled by default. Version 4.11.0 contains a patch. As a workaround, disable Hisilicon HPRE RSA driver with `CFG_HISILICON_ACC_V3=n`.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-06
Last Modified
2026-07-06
Generated
2026-07-07
AI Q&A
2026-07-06
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
hisilicon hpre to 4.11.0 (exc)
op-tee op-tee_os to 4.11.0 (exc)
hisilicon hpre *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-208 Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-41514 is a vulnerability in the Hisilicon HPRE driver within the OP-TEE OS that affects RSA-OAEP decryption. The issue is caused by the use of a non-constant-time memcmp() function for label hash verification and the presence of multiple distinguishable error paths. This creates a Manger-style padding oracle, which allows an attacker to recover RSA-OAEP plaintext by submitting approximately 1000-2000 adaptive chosen ciphertext queries and analyzing timing differences.

This vulnerability only affects systems with the plat-d06 platform and the CFG_HISILICON_ACC_V3=y configuration enabled, which is disabled by default. The vulnerability was fixed in version 4.11.0 by replacing memcmp() with a constant-time comparison function and restructuring the padding scan to remove timing side channels.

Impact Analysis

This vulnerability primarily impacts the confidentiality of RSA-OAEP encrypted data processed by the Hisilicon HPRE driver in OP-TEE. An attacker with the ability to submit chosen ciphertexts to the vulnerable system can recover plaintext data by exploiting timing differences in the decryption process.

The severity is rated as Low with a CVSS score of 2.5, indicating limited impact. The vulnerability does not affect integrity or availability, and it requires local access with high attack complexity and low privileges.

Detection Guidance

This vulnerability arises from timing differences in the RSA-OAEP decryption process due to non-constant-time memcmp() usage and distinguishable error paths. Detection involves monitoring the Trusted Execution Environment (TEE) RSA-OAEP decryption interface for abnormal adaptive chosen ciphertext queries and timing side channels.

There are no specific commands provided to detect this vulnerability directly on your network or system.

Mitigation Strategies

Immediate mitigation steps include disabling the Hisilicon HPRE RSA driver by setting the configuration option CFG_HISILICON_ACC_V3 to 'n'.

Additionally, upgrading OP-TEE OS to version 4.11.0 or later is recommended, as this version contains a patch that replaces the vulnerable memcmp() with a constant-time implementation and restructures the padding scan to eliminate timing side channels.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-41514. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart