CVE-2026-33662: OP-TEE RSA Padding Underflow Leads to Crash
The National Vulnerability Database has disclosed CVE-2026-33662, a high-severity vulnerability (CVSS 7.5) affecting OP-TEE, a Trusted Execution Environment (TEE) for Arm Cortex-A cores utilizing TrustZone technology. This flaw, present in versions 3.8.0 to 4.10, resides within the emsa_pkcs1_v1_5_encode() function in core/drivers/crypto/crypto_api/acipher/rsassa.c.
The vulnerability stems from an integer underflow when calculating padding size for RSA PKCS1 v1.5 encoding. Specifically, if a sufficiently small modulus is chosen, the subtraction to determine “PS size” can underflow, leading to an incorrect, larger-than-expected value. This underflowed integer is then used in a memset() call to add padding, causing an out-of-bounds write that ultimately crashes the OP-TEE system.
Crucially, this vulnerability only impacts platforms that have registered RSA acceleration. For defenders, this means any embedded or IoT device leveraging OP-TEE with RSA acceleration is potentially at risk. An attacker could trigger a denial-of-service condition, disrupting critical TEE operations and potentially impacting the integrity or availability of the secure environment. The attacker’s calculus here is straightforward: exploit an integer underflow to induce a crash, achieving a denial of service without requiring complex memory corruption techniques.
What This Means For You
- If your organization deploys devices or systems utilizing OP-TEE with RSA acceleration, you need to assess your exposure to CVE-2026-33662 immediately. This isn't just a theoretical bug; it's a denial-of-service vector for your secure execution environment. Review your OP-TEE versions and patch to a fixed release beyond 4.10 as soon as possible. Understand that a TEE crash compromises the very foundation of your device's security architecture.
Related ATT&CK Techniques
🛡️ Detection Rules
2 rules · 6 SIEM formats2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-33662: OP-TEE RSA Padding Underflow Crash Attempt
title: CVE-2026-33662: OP-TEE RSA Padding Underflow Crash Attempt
id: scw-2026-04-24-ai-1
status: experimental
level: high
description: |
This rule detects the loading of the OP-TEE OS driver, which is the target of CVE-2026-33662. Exploitation of this vulnerability involves triggering an RSA padding underflow within OP-TEE, leading to a crash. Monitoring the loading of this specific driver is the most direct way to observe potential exploitation attempts.
author: SCW Feed Engine (AI-generated)
date: 2026-04-24
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-33662/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: driver_load
detection:
selection:
Image: '*/optee_os*
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-33662 | DoS | OP-TEE versions 3.8.0 to 4.10 |
| CVE-2026-33662 | DoS | core/drivers/crypto/crypto_api/acipher/rsassa.c in function emsa_pkcs1_v1_5_encode() |
| CVE-2026-33662 | Buffer Overflow | Integer underflow in padding size calculation leading to memset() overflow |
| CVE-2026-33662 | DoS | Affected platforms registering RSA acceleration |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 24, 2026 at 22:17 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
Daily Security Digest — 2026-04-24
12 vulnerability disclosures (3 Critical, 9 High) and 3 curated intelligence stories from 2 sources.
Dgraph CVE-2026-41492: Unauthenticated Admin Token Exposure Via /debug/vars
CVE-2026-41492 — Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl exposes the process command line through the unauthenticated /debug/vars endpoint on...
CVE-2026-41421: SiYuan Desktop RCE via HTML Notification Abuse
CVE-2026-41421 — SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, SiYuan desktop renders notification messages as raw HTML inside an Electron renderer....