CVE-2026-45702 in optee_osinfo

Summary

by MITRE • 06/03/2026

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.3.0 and prior to version 4.11.0, a type confusion vulnerability exists in OP-TEE OS when processing an FFA_MEM_SHARE request from the normal world. This only applies when OP-TEE is configured as an SPMC for S-EL0 SPs, that is, with `CFG_CORE_SEL1_SPMC=y` and `CFG_SECURE_PARTITION=y`. Version 4.11.0 fixes the issue.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

GitHub M

Reservation

05/13/2026

Disclosure

06/03/2026

Moderation

accepted

Entry

VDB-368195

CPE

ready

CWE

CWE-843 (confirmed)

CVSS

4.4 (CNA)

EPSS

0.00000

KEV

Activities

low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-45702
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-45702
CVE Details	https://www.cvedetails.com/cve/CVE-2026-45702/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!