CVE-2023-41325

OP-TEE double free in shdr_verify_signature

Severity Score

6.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can make a double free. `shdr_verify_signature` used to verify a TA binary before it is loaded. To verify a signature of it, allocate a memory for RSA key. RSA key allocate function (`sw_crypto_acipher_alloc_rsa_public_key`) will try to allocate a memory (which is optee’s heap memory). RSA key is consist of exponent and modulus (represent as variable `e`, `n`) and it allocation is not atomic way, so it may succeed in `e` but fail in `n`. In this case sw_crypto_acipher_alloc_rsa_public_key` will free on `e` and return as it is failed but variable ‘e’ is remained as already freed memory address . `shdr_verify_signature` will free again that memory (which is `e`) even it is freed when it failed allocate RSA key. A patch is available in version 3.22. No known workarounds are available.

OP-TEE es un Entorno de Ejecución Confiable (TEE) diseñado como complemento de un kernel de Linux no seguro que se ejecuta en Arm; Núcleos Cortex-A que utilizan la tecnología TrustZone. A partir de la versión 3.20 y anteriores a la versión 3.22, `shdr_verify_signature` puede hacer un doble libremente. `shdr_verify_signature` se usa para verificar un binario TA antes de cargarlo. Para verificar una firma del mismo, asigne una memoria para la clave RSA. La función de asignación de clave RSA (`sw_crypto_acipher_alloc_rsa_public_key`) intentará asignar una memoria (que es la memoria del montón del candidato). La clave RSA consta de exponente y módulo (representados como variables `e`, `n`) y su asignación no es de forma atómica, por lo que puede tener éxito en `e` pero fallar en `n`. En este caso, sw_crypto_acipher_alloc_rsa_public_key` se liberará en `e` y regresará cuando falló, pero la variable “e” permanece como dirección de memoria ya liberada. `shdr_verify_signature` liberará nuevamente esa memoria (que es `e`), incluso si se libera cuando no se pudo asignar la clave RSA. Hay un parche disponible en la versión 3.22. No hay workarounds conocidos disponibles.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

Poc

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2023-08-28 CVE Reserved
2023-09-15 CVE Published
2023-09-16 EPSS Updated
2024-09-25 CVE Updated
2024-09-25 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-415: Double Free

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC
https://github.com/OP-TEE/optee_os/security/advisories/GHSA-jrw7-63cq-7vhm	2024-09-25

URL	Date	SRC
https://github.com/OP-TEE/optee_os/commit/e2ec831cb07ed0099535c7c140cb6338aa62816a	2023-09-22

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linaro Search vendor "Linaro"		Op-tee Search vendor "Linaro" for product "Op-tee"				>= 3.20.0 < 3.22.0 Search vendor "Linaro" for product "Op-tee" and version " >= 3.20.0 < 3.22.0"		-		Affected
Linaro Search vendor "Linaro"		Op-tee Search vendor "Linaro" for product "Op-tee"				3.22.0 Search vendor "Linaro" for product "Op-tee" and version "3.22.0"		rc1		Affected