CVE-2026-45614: OP-TEE ECDH Private Key Recovery via Curve Validation Bypass
OP-TEE, a Trusted Execution Environment for Arm systems, fails to validate that ECDH public keys lie on the correct elliptic curve before deriving shared secrets. An attacker with local access can craft approximately 30-40 malformed public keys and submit them through TEE_DeriveKey calls to leak fragments of the private key. By collecting these leaks and applying the Chinese Remainder Theorem, the attacker can reconstruct the full private key. This breaks the confidentiality of ECDH operations and affects systems relying on OP-TEE for cryptographic operations prior to version 4.11.0.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 4.7 MEDIUM · CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
- Weaknesses (CWE)
- CWE-347
- Affected products
- 1 configuration(s)
- Published / Modified
- 2026-06-03 / 2026-06-17
NVD description (verbatim)
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By passing approximately 30-40 crafted public keys to OP-TEE, the private key can be reconstructed by a normal world attacker. When calling TEE_DeriveKey the public key is provided with full X and Y values, but the (X, Y) point might not satisfy the `Y^2 == X^3 + aX + b mod P` math for the specific curve that is used. When those public keys aren't rejected, the attacker can select public keys such that each DeriveKey call will leak `d % r` where `d` is the private key and `r` comes from the relationship between the correct curve and the attacker selected curve. With enough leaked data the Chinese remainder theorem can be used to recover the full private key. Version 4.11.0 fixes the issue.
2 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
The vulnerability stems from missing validation in OP-TEE's ECDH shared secret derivation. When TEE_DeriveKey is called with a public key, the implementation does not verify that the (X, Y) coordinate pair satisfies the curve equation Y² ≡ X³ + aX + b (mod P). An attacker can supply points that lie on a different, related curve. For each call with a crafted key, the operation leaks d mod r, where d is the private key and r is derived from the mathematical relationship between the legitimate curve and the attacker's chosen curve. Accumulating roughly 30-40 such modular remainders allows reconstruction of d using the Chinese Remainder Theorem. This is a signature verification bypass (CWE-347) in the cryptographic validation layer.
Business impact
Compromise of ECDH private keys undermines forward secrecy, long-term key confidentiality, and any system deriving session secrets from OP-TEE. Organizations deploying OP-TEE for secure key derivation—particularly in IoT, automotive, or financial systems relying on TrustZone—face exposure of sensitive cryptographic material. The attack requires local access, but once executed, the leaked private key can enable decryption of past and future communications, credential forgery, and lateral movement. Systems already using compromised keys may need emergency key rotation and full audit of encrypted data.
Affected systems
OP-TEE versions prior to 4.11.0 are affected. The vulnerability applies to ECDH operations across all supported Arm Cortex-A processors using TrustZone. Devices and systems embedding OP-TEE as their TEE implementation—including but not limited to those using OP-TEE's official builds or vendor-customized variants—require patching. Check your TEE implementation to confirm whether OP-TEE is in use and verify the version number.
Exploitability
The attack requires local access (AV:L) to invoke TEE_DeriveKey and is moderately difficult to execute (AC:H), necessitating precise construction of invalid curve points and multiple calls to leak sufficient key material. However, once an attacker achieves local access, the process is deterministic and does not require user interaction. No network interaction is needed. The barrier is primarily technical sophistication rather than privilege—an unprivileged local user (PR:L) can perform the attack, making it accessible to a broad class of adversaries with device access.
Remediation
Upgrade OP-TEE to version 4.11.0 or later, which adds validation to ensure public keys are points on the correct elliptic curve before deriving shared secrets. Verify the patch directly from the Trusted Firmware project repository or your vendor's security advisory. After patching, conduct cryptographic audit of any keys derived using affected OP-TEE versions, and rotate sensitive material if necessary.
Patch guidance
Update OP-TEE to version 4.11.0 or later. Consult your device vendor or the official Trusted Firmware OP-TEE project for release artifacts and verification procedures. If you maintain custom OP-TEE builds, pull the latest source and rebuild. Test patches in a controlled environment before production deployment, particularly for systems where TEE firmware updates may impact bootloader, firmware attestation, or secure world functionality.
Detection guidance
Identify systems running OP-TEE by checking TEE implementation and version strings in firmware metadata or boot logs. Monitor for repeated TEE_DeriveKey calls with unusual patterns of invalid public keys, though this may be difficult to log from the normal world. Forensic analysis of systems with suspected key compromise should focus on audit trails from applications calling TEE cryptographic functions. Consider implementing integrity checks on keys known to have been derived during the vulnerable period.
Why prioritize this
Although the CVSS score is MEDIUM (4.7), the attack fundamentally breaks ECDH confidentiality and enables full private key recovery. The requirement for local access limits blast radius compared to network attacks, but the deterministic nature of the exploitation, the small number of calls needed (~30-40), and the broad deployment of OP-TEE in embedded and IoT systems warrant prompt patching. Prioritize systems storing long-term keys or deriving session secrets critical to authentication and encryption.
Risk score, explained
CVSS 4.7 reflects local-access-only requirement (AV:L) and moderate technical complexity (AC:H), limiting immediate remote exploitability. However, the 'High' confidentiality impact (C:H) reflects complete compromise of ECDH secrets. The score does not fully capture the cryptographic severity: once the private key is recovered, all security properties of the key are lost. For systems where ECDH keys are foundational to trust, the practical impact may exceed the base score.
Frequently asked questions
Does this affect my system if I don't use ECDH?
Only if your applications use TEE_DeriveKey with ECDH algorithms. Other cryptographic functions in OP-TEE are not mentioned as vulnerable. Review your TEE application code and configuration to confirm whether ECDH-based key derivation is in use.
Can this be exploited remotely?
No. The attack vector is local (AV:L), requiring an attacker to have access to the device and the ability to make calls into the TEE. Remote code execution on the normal world (Linux kernel) combined with a local OP-TEE exploit would enable remote private key theft, but the vulnerability itself is not remotely exploitable.
If I patch OP-TEE, do I need to rotate my keys?
Yes, if any long-lived keys were derived using OP-TEE prior to 4.11.0 and those keys are used for sensitive operations. Short-lived session keys may have naturally expired, but verify the lifetime and sensitivity of affected keys. When in doubt, rotate.
What is CWE-347 and why does it matter here?
CWE-347 (Improper Verification of Cryptographic Signature) describes the failure to properly validate cryptographic material before use. In this case, the public key itself—not a signature—fails validation. The result is that an invalid cryptographic input is accepted, leading to information leakage. Proper input validation is fundamental to secure cryptographic implementation.
This analysis is provided for informational purposes based on the published CVE record. Verify all version numbers, patch availability, and vendor guidance against the official Trusted Firmware OP-TEE project advisory and your vendor's security bulletin. No exploit code or detailed attack reproduction is provided. Organizations should perform independent risk assessment, testing, and validation before applying patches to production systems. SEC.co makes no warranty regarding the completeness or accuracy of this information. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-48523MEDIUMPyJWT Algorithm Bypass in JWK Verification (2.9.0–2.12.1)
- CVE-2026-47201HIGHauthentik SAML XML Signature Wrapping Authentication Bypass
- CVE-2026-48526HIGHPyJWT Authentication Bypass via HMAC Algorithm Misuse
- CVE-2026-45702MEDIUMOP-TEE Type Confusion Vulnerability in FFA_MEM_SHARE Processing
- CVE-2026-40290HIGHOP-TEE Use-After-Free Race Condition in Shared Memory Management
- CVE-2018-25384MEDIUMStored XSS in Wikidforum 2.20 Allows Authenticated Attackers to Inject Malicious Scripts
- CVE-2018-25387MEDIUMHaPe PKH 1.1 Cross-Site Request Forgery (CSRF) Admin Password Reset
- CVE-2018-25393MEDIUMNavigate CMS 2.8.5 Path Traversal Vulnerability (CVSS 6.5)