HarborGuardharborguardDatabase
Back to search
HIGHCVE-2026-45329Published Modified CNA GitHub_M

CVE-2026-45329: ESF-IDF: Out-of-Bounds Read in ESP-TEE Secure Service Wrappers

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked. Because the underlying TEE-protected hardware peripherals (e.g., ECC, SHA, SPI) run in RISC-V machine mode (M-mode) with full address-space access, a caller could supply pointers into TEE-exclusive memory as inputs, causing the peripheral to read TEE memory and return results derived from it to the REE. Depending on the wrapper, the result contains raw bytes from TEE memory, a computed function of TEE memory recoverable through repeated calls, or a single bit per call that forms an oracle for incremental disclosure of TEE-resident sensitive data. This issue has been patched in versions 5.5.5 and 6.0.1.

Metrics

CVSS v3.1
7.1
Severity
HIGH
Fixed in
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

An out-of-bounds read vulnerability affects ESP-IDF versions 5.5.4 and 6.0, specifically in the ESP-TEE secure-service wrapper functions in esp_secure_services.c and esp_secure_services_iram.c. Because the TEE-protected hardware peripherals (ECC, SHA, SPI) operate in RISC-V machine mode with full address-space access, a local caller can supply attacker-controlled pointers into TEE-exclusive memory, causing those peripherals to read and return data derived from protected memory regions. Successful exploitation enables disclosure of sensitive TEE-resident secrets such as cryptographic keys or other protected data. A patched-image rebuild at versions 5.5.5 and 6.0.1 is available on HarborGuard for affected environments.

HarborGuard Coverage

Detection

Detection capability is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images in connected registries and CI/CD pipelines. This matching covers custom-built images that bundle ESP-IDF components directly, not only upstream base images.

Available
Triage

HarborGuard is capable of scoring this finding at CVSS 7.1 HIGH (v3.1) and weighting it against each environment's compliance policy to reflect organizational risk tolerance. Triage routing capability ensures the finding reaches the appropriate team inbox within each customer organization based on configured ownership rules.

Available
Patch

Because no upstream fix was available at the time of publication, HarborGuard re-checks the advisory each ingest cycle and will make a patched-image rebuild available automatically the moment versions 5.5.5 or 6.0.1 are confirmed upstream. For customers who opt into auto-remediation, the rebuild, regression-test run, and PR against affected workloads will be initiated without requiring manual intervention.

Pending upstream

Exploit Conditions

  • Network reachabilityNot required

    The attacker needs an existing shell or process on the host; no network access to the device is required to reach the vulnerable wrappers.

  • AuthenticationNot required

    No account credentials or privilege level are required to call the ESP-TEE secure-service wrappers from the REE (Rich Execution Environment) side.

  • Victim interactionNot required

    Exploitation is fully attacker-driven and does not require any action from another user or process.

  • Attack complexityDetail

    The exploit is reliable and condition-free at low complexity, though extracting full secrets via the single-bit oracle path requires repeated calls; no race conditions or memory-layout dependencies are involved.

Blast Radius

  • Reads raw bytes from TEE-exclusive memory regions, which may include private ECC keys, SHA intermediate state, or SPI-protected secrets.
  • Reconstructs full secret values incrementally through repeated wrapper calls that expose computed functions of TEE memory.
  • Uses the single-bit oracle path to perform bit-by-bit disclosure of TEE-resident sensitive data over a series of calls.
  • No integrity or availability impact: the host filesystem, peripheral configuration, and service uptime are unaffected by this exploit path.

How HarborGuard Handles This

Available on HarborGuard: the fix versions 5.5.5 and 6.0.1 were not published at CVE record time, so HarborGuard monitors the upstream Espressif advisory each ingest cycle and will surface a patched-image rebuild the moment those versions are confirmed. In the interim, compensating controls available within HarborGuard policy include flagging any image pinned to ESP-IDF 5.5.4 or 6.0 as non-compliant for deployment to production, applying network-policy isolation to limit which processes can invoke TEE service wrappers, and gating affected workloads behind a feature-flag or deployment hold until the upstream patch ships. For customers who opt into auto-remediation, HarborGuard will initiate a rebuild, regression-test run, and PR against affected workloads without requiring manual steps once the fix version is available upstream. Where compliance policy permits, median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes after the upstream fix becomes available.

See how HarborGuard automates this
Affected packages
  • espressif / esp-idf
    = 6.0 · = 5.5.4
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
References