CVE-2019-1010298

CRITICAL

Linaro/OP-TEE OP-TEE <3.4.0 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-1010298. PoCs published by RKX1209.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2019-1010298, targeting a vulnerability in OP-TEE's RSA-PSS verification. The exploit includes both host-side and trusted application (TA) code to demonstrate the flaw.

Description

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.

Exploits (1)

nomisec WORKING POC 16 stars

by RKX1209 · poc

https://github.com/RKX1209/CVE-2019-1010298

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2019-1010298, targeting a vulnerability in OP-TEE's RSA-PSS verification. The exploit includes both host-side and trusted application (TA) code to demonstrate the flaw.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: OP-TEE (Open Portable Trusted Execution Environment)

No auth needed

Prerequisites: OP-TEE environment with vulnerable version · Access to the target system

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Third Party Advisory x_refsource_misc

https://github.com/OP-TEE/optee_os/commit/70697bf3c5dc3d201341b01a1a8e5bc6d2fb48f8

View Patch ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0385

EPSS Percentile 88.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-190 CWE-787

Status published

Products (2)

linaro/op-tee < 3.3.0

trustedfirmware/op-tee < 3.3.0

Published Jul 15, 2019

Tracked Since Feb 18, 2026