CVE-2019-25052
Description
Linaro OP-TEE versions before 3.7.0 allow direct calls to crypto update/final functions, causing crashes that may leak sensitive information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Linaro OP-TEE versions before 3.7.0 allow direct calls to crypto update/final functions, causing crashes that may leak sensitive information.
Vulnerability
In Linaro OP-TEE before version 3.7.0, it was possible to directly call the update and final cryptographic functions without proper initialization. This could be achieved by providing inconsistent or malformed data to the cryptographic operations. The affected code paths are within the OP-TEE OS kernel.
Exploitation
An attacker needs to interact with the OP-TEE OS, potentially through a Trusted Application, and provide malformed data to trigger the vulnerability. By bypassing the initialization checks, an attacker can directly invoke the update and final functions on a crypto context that has not been properly set up, leading to a crash.
Impact
Successful exploitation of this vulnerability results in a crash of the OP-TEE OS. This crash can potentially lead to the leakage of sensitive information that was being processed by the cryptographic functions at the time of the incident. The scope of the compromise is limited to the information accessible within the OP-TEE environment.
Mitigation
A patch has been released in OP-TEE OS version 3.7.0, committed on commit ID 34a08be [1]. This patch adds state checks to the update and final functions to prevent direct calls before initialization. There are no workarounds available, and users are advised to update to a patched version. The vulnerability was reported by Riscure and is tracked as OP-TEE-2019-0021 [2].
AI Insight generated on Jun 6, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Linaro/OP-TEEdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"The cryptographic functions could be called directly without proper initialization, leading to a crash and potential information disclosure."
Attack vector
An attacker can trigger this vulnerability by providing inconsistent or malformed data to the cryptographic functions. This bypasses the intended initialization checks, allowing direct calls to update and final functions. Such direct calls can lead to a crash within the Trusted Execution Environment (TEE).
Affected code
The vulnerability exists in the handling of cryptographic operations within OP-TEE. Specifically, the `syscall_hash_init`, `syscall_hash_update`, `syscall_hash_final`, `syscall_cipher_init`, `tee_svc_cipher_update_helper`, `syscall_authenc_init`, `syscall_authenc_update_aad`, `syscall_authenc_update_payload`, `syscall_authenc_enc_final`, and `syscall_authenc_dec_final` functions are affected. The patch modifies these functions to enforce state checks [ref_id=1].
What the fix does
The patch introduces a new `cryp_state` enum to track the initialization status of cryptographic operations. The `syscall_hash_init`, `syscall_cipher_init`, and `syscall_authenc_init` functions now set the state to `CRYP_STATE_INITIALIZED`. Subsequently, the `update` and `final` functions for hash, cipher, and authenticated encryption operations now check if the state is `CRYP_STATE_INITIALIZED` before proceeding, preventing direct calls to uninitialized states [ref_id=1].
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2- github.com/OP-TEE/optee_os/commit/34a08bec755670ea0490cb53bbc68058cafc69b6nvdPatchThird Party Advisory
- github.com/OP-TEE/optee_os/security/advisories/GHSA-pgwr-qmgh-vhmfnvdPatchThird Party Advisory
News mentions
0No linked articles in our index yet.