A vulnerability in the OP-TEE project was found by Intel Security Advanced Threat Research in June 2016. It appeared that OP-TEE was vulnerable to a Bleichenbacher signature forgery attack.
The problem lies in the LibTomCrypt code in OP-TEE, which neglects to check that the message length is equal to the ASN.1 encoded data length. Upstream LibTomCrypt already had a fix, along with a test case verifying that the fix resolved the issue.
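The missing check described above, shown as an added example (this is not OP-TEE or LibTomCrypt code): a hand-written SHA-256 DigestInfo check in which the lax variant ignores bytes after the encoded structure, while the strict variant requires the length declared by the outer SEQUENCE to equal the message length. The function names and the sample buffer are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HASH_LEN 32
/* DER header of a SHA-256 DigestInfo (RFC 8017); the 32-byte digest follows it. */
static const unsigned char PREFIX[19] = {
    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
    0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

/* Lax: parses what it expects and ignores any bytes left over afterwards. */
int digestinfo_lax(const unsigned char *msg, size_t len, const unsigned char *hash)
{
    if (len < sizeof(PREFIX) + HASH_LEN)
        return 0;
    return memcmp(msg, PREFIX, sizeof(PREFIX)) == 0 &&
           memcmp(msg + sizeof(PREFIX), hash, HASH_LEN) == 0;
}

/* Strict: the length the outer SEQUENCE declares must equal the message length. */
int digestinfo_strict(const unsigned char *msg, size_t len, const unsigned char *hash)
{
    if (len < 2 || msg[0] != 0x30 || msg[1] >= 0x80) /* short-form length only */
        return 0;
    if ((size_t)msg[1] + 2 != len)
        return 0;
    return digestinfo_lax(msg, len, hash);
}

/* Constructed sample: a valid DigestInfo followed by `extra` unaccounted bytes. */
int check_sample(size_t extra, int strict)
{
    unsigned char hash[HASH_LEN], msg[sizeof(PREFIX) + HASH_LEN + 16];
    size_t len = sizeof(PREFIX) + HASH_LEN + extra;

    if (extra > 16)
        return 0;
    memset(hash, 0xAB, sizeof(hash));
    memset(msg, 0x5A, sizeof(msg));
    memcpy(msg, PREFIX, sizeof(PREFIX));
    memcpy(msg + sizeof(PREFIX), hash, HASH_LEN);
    return strict ? digestinfo_strict(msg, len, hash) : digestinfo_lax(msg, len, hash);
}

int main(void)
{
    printf("exact length : lax=%d strict=%d\n", check_sample(0, 0), check_sample(0, 1));
    printf("8 extra bytes: lax=%d strict=%d\n", check_sample(8, 0), check_sample(8, 1));
    return 0;
}
```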
Patches
The fixes from upstream LibTomCrypt have been cherry-picked into OP-TEE.
optee_os.git
- rsa_verify_hash: fix possible bleichenbacher signature attack (30d1325)
optee_test.git
Workarounds
N/A
References
N/A
OP-TEE ID
OP-TEE-2016-0001
Reported by
Intel Security Advanced Threat Research
For more information
For more information regarding the security incident process in OP-TEE, see the "Security" page at https://www.trustedfirmware.org.