VYPR
Medium severity4.4NVD Advisory· Published Jun 3, 2026· Updated Jun 5, 2026

CVE-2026-45702

CVE-2026-45702

Description

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.3.0 and prior to version 4.11.0, a type confusion vulnerability exists in OP-TEE OS when processing an FFA_MEM_SHARE request from the normal world. This only applies when OP-TEE is configured as an SPMC for S-EL0 SPs, that is, with CFG_CORE_SEL1_SPMC=y and CFG_SECURE_PARTITION=y. Version 4.11.0 fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:o:trustedfirmware:op-tee:*:*:*:*:*:*:*:*
    Range: >=4.3.0,<=4.10.0
  • Op Tee/Optee OSllm-fuzzy
    Range: 4.3.0 <= x < 4.11.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.