Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-53763— OP-TEE has AES-GCM 32-bit integer overflow in length counters that breaks authentication guarantee

AI Predicted 6.5 Difficulty: Moderate EPSS 0.15% · P5

Possible ATT&CK Techniques 1AI

T1055 · Process Injection

Affected Version Matrix 1

VendorProductVersion RangeStatus
OP-TEEoptee_os>= 3.0.0, < 4.11.0affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-53763

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
OP-TEE has AES-GCM 32-bit integer overflow in length counters that breaks authentication guarantee
Source: NVD (National Vulnerability Database)
Vulnerability Description
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.0.0 and prior to version 4.11.0, 32-bit integer overflows in OP-TEE core's AES-GCM implementation cause the authentication tag to be computed with incorrect bit-length values after processing more than 512 megabytes of payload or Additional Authenticated Data (AAD). Version 4.11.0 contains a patch. No known workarounds are available.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
整数溢出或超界折返
Source: NVD (National Vulnerability Database)
Vulnerability Title
OP-TEE optee_os 数字错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OP-TEE optee_os是OP-TEE的安全操作系统。 OP-TEE optee_os 3.0.0版本至4.11.0之前版本存在数字错误漏洞,该漏洞源于OP-TEE核心AES-GCM实现中32位整数溢出,导致在处理超过512MB有效载荷或额外认证数据后,认证标签使用错误的位长度值进行计算。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
OP-TEEoptee_os >= 3.0.0, < 4.11.0 -

II. Public POCs for CVE-2026-53763

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-53763

登录查看更多情报信息。

Vendor Advisories for CVE-2026-53763 (1)

Same Patch Batch · OP-TEE · 2026-07-06 · 8 CVEs total

CVE-2026-402575.5 MEDIUMOP-TEE has SHA-3 accelerated finalize heap overflow
CVE-2026-443625.5 MEDIUMOP-TEE's subkey rollback protection can be bypassed with older subkey versions
CVE-2026-425463.8 LOWOP-TEE has missing OPTEE_MSG_ATTR_TYPE_MASK in cleanup_shm_refs() leaks mobj references
CVE-2026-414343.3 LOWOP-TEE has unbounded recursion in sanitize_client_object()
CVE-2026-415142.5 LOWOP-TEE: RSA-OAEP padding oracle in Hisilicon HPRE driver enables plaintext recovery
CVE-2026-415162.5 LOWOP-TEE: Hisilicon HPRE PKCS#1 v1.5 Decryption Padding Oracle
CVE-2026-415152.5 LOWOP-TEE: RSA-OAEP padding oracle in NXP CAAM driver enables plaintext recovery

IV. Related Vulnerabilities

V. Comments for CVE-2026-53763

No comments yet


Leave a comment