Op Tee

CVEs (17)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2019-1010292	Linaro Op Tee	Cri	0.64	9.8	0.02	Jul 16, 2019	Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0.
CVE-2019-1010298	Linaro Op Tee	Cri	0.64	9.8	0.04	Jul 15, 2019	Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.
CVE-2019-1010297	Linaro Op Tee	Cri	0.64	9.8	0.03	Jul 15, 2019	Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later.
CVE-2019-1010293	Linaro Op Tee	Cri	0.64	9.8	0.02	Jul 15, 2019	Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later.
CVE-2019-25052	Arm Op Tee	Cri	0.59	9.1	0.01	Aug 11, 2021	In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information.
CVE-2022-46152	Arm Op Tee	Hig	0.53	8.2	0.00	Nov 29, 2022	OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0, contain an Improper Validation of Array Index vulnerability. The function `cleanup_shm_refs()` is called by both `entry_invoke_command()` and…
CVE-2026-40290	Arm Op Tee	Hig	0.51	7.8	0.00	Jun 3, 2026	OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior to 4.11.0, a user-after-free (UAF) race condition exists in the shared memory…
CVE-2021-44149	Arm Op Tee	Hig	0.51	7.8	0.00	Dec 7, 2021	An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure World can perform arbitrary…
CVE-2026-33317	Arm Op Tee	Hig	0.50	8.7	0.00	Apr 24, 2026	OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in `entry_get_attribute_value()` in `ta/pkcs11/src/object.c` can…
CVE-2026-33662	Arm Op Tee	Hig	0.49	7.5	0.00	Apr 24, 2026	OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsa_pkcs1_v1_5_encode() in core/drivers/crypto/crypto_api/acipher/rsassa.c, the…
CVE-2019-1010294	Linaro Op Tee	Hig	0.49	7.5	0.01	Jul 15, 2019	Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: optee_os. The fixed version is: 3.4.0 and later.
CVE-2016-6129	Libtom Libtomcrypt	Hig	0.49	7.5	0.01	Feb 13, 2017	The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by…
CVE-2023-41325	Arm Op Tee	Hig	0.48	7.4	0.00	Sep 15, 2023	OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can make a double free.…
CVE-2021-36133	Nxp i.MX SoC	Hig	0.46	7.1	0.00	Dec 7, 2021	The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral.
CVE-2020-13799	Westerndigital RPMB Protocol	Med	0.44	6.8	0.00	Nov 18, 2020	Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. The RPMB protocol is specified by industry standards…
CVE-2022-47549	Arm Op Tee	Med	0.42	6.4	0.00	Dec 19, 2022	An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault…
CVE-2018-12437	Libtom Libtomcrypt	Med	0.32	4.9	0.01	Jun 15, 2018	LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical…

CVE-2019-1010292CriJul 16, 2019
Linaro
Op Tee
risk 0.64cvss 9.8epss 0.02
Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0.
CVE-2019-1010298CriJul 15, 2019
Linaro
Op Tee
risk 0.64cvss 9.8epss 0.04
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.
CVE-2019-1010297CriJul 15, 2019
Linaro
Op Tee
risk 0.64cvss 9.8epss 0.03
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later.
CVE-2019-1010293CriJul 15, 2019
Linaro
Op Tee
risk 0.64cvss 9.8epss 0.02
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later.
CVE-2019-25052CriAug 11, 2021
Arm
Op Tee
risk 0.59cvss 9.1epss 0.01
In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information.
CVE-2022-46152HigNov 29, 2022
Arm
Op Tee
risk 0.53cvss 8.2epss 0.00
OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0, contain an Improper Validation of Array Index vulnerability. The function `cleanup_shm_refs()` is called by both `entry_invoke_command()` and…
CVE-2026-40290HigJun 3, 2026
Arm
Op Tee
risk 0.51cvss 7.8epss 0.00
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior to 4.11.0, a user-after-free (UAF) race condition exists in the shared memory…
CVE-2021-44149HigDec 7, 2021
Arm
Op Tee
risk 0.51cvss 7.8epss 0.00
An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure World can perform arbitrary…
CVE-2026-33317HigApr 24, 2026
Arm
Op Tee
risk 0.50cvss 8.7epss 0.00
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in `entry_get_attribute_value()` in `ta/pkcs11/src/object.c` can…
CVE-2026-33662HigApr 24, 2026
Arm
Op Tee
risk 0.49cvss 7.5epss 0.00
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsa_pkcs1_v1_5_encode() in core/drivers/crypto/crypto_api/acipher/rsassa.c, the…
CVE-2019-1010294HigJul 15, 2019
Linaro
Op Tee
risk 0.49cvss 7.5epss 0.01
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: optee_os. The fixed version is: 3.4.0 and later.
CVE-2016-6129HigFeb 13, 2017
Libtom
Libtomcrypt
risk 0.49cvss 7.5epss 0.01
The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by…
CVE-2023-41325HigSep 15, 2023
Arm
Op Tee
risk 0.48cvss 7.4epss 0.00
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can make a double free.…
CVE-2021-36133HigDec 7, 2021
Nxp
i.MX SoC
risk 0.46cvss 7.1epss 0.00
The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral.
CVE-2020-13799MedNov 18, 2020
Westerndigital
RPMB Protocol
risk 0.44cvss 6.8epss 0.00
Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. The RPMB protocol is specified by industry standards…
CVE-2022-47549MedDec 19, 2022
Arm
Op Tee
risk 0.42cvss 6.4epss 0.00
An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault…
CVE-2018-12437MedJun 15, 2018
Libtom
Libtomcrypt
risk 0.32cvss 4.9epss 0.01
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical…