When doing calls to syscall_authenc_xyz functions (all of them except syscall_authenc_init) there were no checking being done that the state coming from the TA has been initialized to a valid authenticated encryption state. As a consequence of that it’s possible to redirect execution to other functions. Doing like that will make TEE core end up with a data abort.
Patches
optee_os.git
- cryp: ensure that mode is AE in syscall_authenc_ functions (45a367d)
Workarounds
N/A
References
N/A
OP-TEE ID
OP-TEE-2019-0019
Reported by
Riscure
For more information
For more information regarding the security incident process in OP-TEE, please read the information that can be found when going to the "Security" page at https://www.trustedfirmware.org.
When doing calls to
syscall_authenc_xyzfunctions (all of them exceptsyscall_authenc_init) there were no checking being done that the state coming from the TA has been initialized to a valid authenticated encryption state. As a consequence of that it’s possible to redirect execution to other functions. Doing like that will make TEE core end up with a data abort.Patches
optee_os.git
Workarounds
N/A
References
N/A
OP-TEE ID
OP-TEE-2019-0019
Reported by
Riscure
For more information
For more information regarding the security incident process in OP-TEE, please read the information that can be found when going to the "Security" page at https://www.trustedfirmware.org.