CVE-2026-33662 OP-TEE: RSASSA EMSA- PKCS1-v1_5 underflow in emsa_pkcs1_v1_5_encode()

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsapkcs1v15encode in core/drivers/crypto/cryptoapi/acipher/rsassa.c, the amount of padding needed, "...

CVE-2026-33662

OP-TEE (Trusted Execution Environment) has a concrete vulnerability in RSASSA PKCS#1 v1.5 padding. Affected versions are 3.8.0–4.10; the padding size (PS) is computed as modulus size minus digest/EMSA fields in emsa_pkcs1_v1_5_encode() (rsassa.c). If the modulus is small enough, this subtraction ...