OP-TEE has FF-A type confusion in SPMC tmem path that causes S-EL1 kernel panic
CVE-2026-45702

4.4MEDIUM

Key Information:

Vendor: Op-tee
Status: Optee Os
Vendor: CVE Published:; 3 June 2026

What is CVE-2026-45702?

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.3.0 and prior to version 4.11.0, a type confusion vulnerability exists in OP-TEE OS when processing an FFA_MEM_SHARE request from the normal world. This only applies when OP-TEE is configured as an SPMC for S-EL0 SPs, that is, with CFG_CORE_SEL1_SPMC=y and CFG_SECURE_PARTITION=y. Version 4.11.0 fixes the issue.

Affected Version(s)

optee_os >= 4.3.0, < 4.11.0

References

https://github.com/OP-TEE/optee_os/security/advisories/GH...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 3, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-45702 Data

JSON

Op-tee

What is CVE-2026-45702?

Affected Version(s)

References

CVSS V3.1

Timeline