Type Confusion Vulnerability in OP-TEE OS Affecting Arm Cortex-A
CVE-2026-45702

4.4MEDIUM

Key Information:

Vendor

Op-tee

Status
Vendor
CVE Published:
3 June 2026

What is CVE-2026-45702?

The OP-TEE OS, functioning as a Trusted Execution Environment (TEE) alongside a non-secure Linux kernel on Arm Cortex-A cores, suffers from a type confusion vulnerability. This issue arises during the handling of FFA_MEM_SHARE requests in specific configurations, particularly when OP-TEE is set up as a Secure Partition Management Code (SPMC). Affected versions include 4.3.0 through 4.10.0. Users should upgrade to version 4.11.0 to mitigate this vulnerability.

Affected Version(s)

optee_os >= 4.3.0, < 4.11.0

References

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.