OP-TEE
cpe:2.3:o:op-tee:op-tee_os:*:*:*:*:*:*:*
- 4.5.0
A vulnerability in OP-TEE version 4.5.0 allows an attacker to cause a panic in a Trusted Application (TA) using the libutee Secure Storage API. This is achieved by running a malicious tee-supplicant binary in the Rich Execution Environment (REE) userspace. The vulnerability arises because return codes from secure storage operations are transmitted unsanitized from the REE tee-supplicant, through the Linux kernel tee-driver, and into libutee. An attacker with access to REE userspace can replace the default tee-supplicant with a malicious one that responds to storage requests with unexpected return codes, triggering a panic in the TA. This issue is particularly concerning for TAs with certain flags that affect their memory management and state preservation.
Exploitation of this vulnerability can lead to a panic in the affected TA, causing it to be unloaded and reloaded with a clean memory space. This behavior can disrupt TAs that rely on persistent memory between sessions. A critical example is the optee_ftpm TA, which uses retained memory to store Platform Configuration Register (PCR) values. An attacker can reset these PCRs, extend them with arbitrary data, and potentially falsify boot measurements or access sealed data.
The vulnerability can be reproduced by replacing the default tee-supplicant with a malicious version that returns unexpected response codes for secure storage operations. This can be done by stopping the original tee-supplicant process and launching the malicious one, which then interacts with the OP-TEE kernel and libutee, exploiting the unsanitized return code transmission to trigger a panic in the targeted TA.
A patch is available in OP-TEE commit 941a58d78c99c4754fbd4ec3079ec9e1d596af8f, which adds the 'optee.ta.instanceKeepCrashed' property to prevent a TA with 'gpd.ta.keepAlive' from being restarted if it has crashed.
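An added illustration of the unsanitized return-code path described above, not OP-TEE code and not the change made in the commit named above: a secure-world filter maps any storage return code from the REE that falls outside an allowed set to a fixed in-set error, so the TA-side check no longer ends in a panic. The function names, the allowlist and the sample replies are assumptions constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* GlobalPlatform TEE Internal Core API result codes. */
#define TEE_SUCCESS                     0x00000000u
#define TEE_ERROR_CORRUPT_OBJECT        0xF0100001u
#define TEE_ERROR_STORAGE_NOT_AVAILABLE 0xF0100003u
#define TEE_ERROR_ACCESS_CONFLICT       0xFFFF0003u
#define TEE_ERROR_ITEM_NOT_FOUND        0xFFFF0008u
#define TEE_ERROR_OUT_OF_MEMORY         0xFFFF000Cu

/* Assumed set of codes the TA-side storage call accepts without panicking. */
static const uint32_t allowed_rc[] = {
    TEE_SUCCESS, TEE_ERROR_CORRUPT_OBJECT, TEE_ERROR_STORAGE_NOT_AVAILABLE,
    TEE_ERROR_ACCESS_CONFLICT, TEE_ERROR_ITEM_NOT_FOUND, TEE_ERROR_OUT_OF_MEMORY,
};

/* Constructed sample of replies arriving from the REE side (not real traffic). */
const uint32_t sample_replies[5] = {
    TEE_SUCCESS, TEE_ERROR_ITEM_NOT_FOUND, 0x12345678u, 0xFFFFFFFFu,
    TEE_ERROR_CORRUPT_OBJECT };

/* Model of the TA-side check: any code outside the set ends in a panic. */
bool ta_would_panic(uint32_t rc) {
    for (size_t i = 0; i < sizeof(allowed_rc) / sizeof(allowed_rc[0]); i++)
        if (allowed_rc[i] == rc) return false;
    return true;
}

/* Hypothetical filter applied in the secure world to the REE-supplied code. */
uint32_t sanitize_ree_storage_rc(uint32_t untrusted_rc) {
    return ta_would_panic(untrusted_rc) ? TEE_ERROR_STORAGE_NOT_AVAILABLE : untrusted_rc;
}

/* Count how many replies would panic the TA, with or without the filter. */
size_t count_panics(const uint32_t *rc, size_t n, bool filtered) {
    size_t panics = 0;
    for (size_t i = 0; i < n; i++)
        panics += ta_would_panic(filtered ? sanitize_ree_storage_rc(rc[i]) : rc[i]);
    return panics;
}

int main(void) {
    printf("panics unfiltered=%zu filtered=%zu\n", count_panics(sample_replies, 5, false), count_panics(sample_replies, 5, true));
    return 0;
}
```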