Type Confusion Vulnerability in OP-TEE OS Affecting Arm Cortex-A
CVE-2026-45702
4.4MEDIUM
What is CVE-2026-45702?
The OP-TEE OS, functioning as a Trusted Execution Environment (TEE) alongside a non-secure Linux kernel on Arm Cortex-A cores, suffers from a type confusion vulnerability. This issue arises during the handling of FFA_MEM_SHARE requests in specific configurations, particularly when OP-TEE is set up as a Secure Partition Management Code (SPMC). Affected versions include 4.3.0 through 4.10.0. Users should upgrade to version 4.11.0 to mitigate this vulnerability.
Affected Version(s)
optee_os >= 4.3.0, < 4.11.0
