Integer Overflow Vulnerability in OP-TEE Affected by 32-bit Issue in Arm Technology
CVE-2026-53763

3.8LOW

Key Information:

Vendor

Op-tee

Status
Vendor
CVE Published:
6 July 2026

What is CVE-2026-53763?

A vulnerability exists in OP-TEE, a Trusted Execution Environment for Arm Cortex-A cores, due to integer overflows in the AES-GCM implementation. This issue arises after processing more than 512 megabytes of payload or Additional Authenticated Data, which results in incorrect computation of the authentication tag's bit-length values. Affected versions include those prior to 4.11.0, with a patch available in version 4.11.0. Users are advised to upgrade, as no alternatives or workarounds are currently provided.

Affected Version(s)

optee_os >= 3.0.0, < 4.11.0

References

CVSS V3.0

Score:
3.8
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.