Resource Leak Vulnerability in OP-TEE's Trusted Execution Environment for Arm Cortex-A Platforms
CVE-2026-42546
What is CVE-2026-42546?
A resource leak vulnerability has been identified in OP-TEE, a Trusted Execution Environment designed to work alongside a non-secure Linux kernel on Arm Cortex-A architectures. Starting from version 3.3.0 and up to 4.10.0, the cleanup logic for shared memory, specifically in the function cleanup_shm_refs(), does not correctly apply a required bitmask to parameter attributes. This flaw results in a failure to properly manage memory references, leading to an accumulation of mobj_reg_shm object references within the internal management system. Over time, these leaks can significantly degrade system performance by exhausting the secure-world heap resources, potentially hampering trusted application operations and necessitating a system reboot for recovery. Users are advised to update to version 4.11.0, where this issue is addressed.
Affected Version(s)
optee_os >= 3.3.0, < 4.11.0
