Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-33317

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-24 Apr, 2026 | 02:20
Updated At-24 Apr, 2026 | 18:18
Rejected At-
Credits

OP-TEE: PKCS#11 TA out-of-bounds read and memory disclosure

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in `entry_get_attribute_value()` in `ta/pkcs11/src/object.c` can lead to out-of-bounds read from the PKCS#11 TA heap or a crash. When chained with the OOB read, the PKCS#11 TA function `PKCS11_CMD_GET_ATTRIBUTE_VALUE` or `entry_get_attribute_value()` can, with a bad template parameter, be tricked into reading at most 7 bytes beyond the end of the template buffer and writing beyond the end of the template buffer with the content of an attribute value of a PKCS#11 object. Commits e031c4e562023fd9f199e39fd2e85797e4cbdca9, 16926d5a46934c46e6656246b4fc18385a246900, and 149e8d7ecc4ef8bb00ab4a37fd2ccede6d79e1ca contain patches and are anticipated to be part of version 4.11.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:24 Apr, 2026 | 02:20
Updated At:24 Apr, 2026 | 18:18
Rejected At:
â–¼CVE Numbering Authority (CNA)
OP-TEE: PKCS#11 TA out-of-bounds read and memory disclosure

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in `entry_get_attribute_value()` in `ta/pkcs11/src/object.c` can lead to out-of-bounds read from the PKCS#11 TA heap or a crash. When chained with the OOB read, the PKCS#11 TA function `PKCS11_CMD_GET_ATTRIBUTE_VALUE` or `entry_get_attribute_value()` can, with a bad template parameter, be tricked into reading at most 7 bytes beyond the end of the template buffer and writing beyond the end of the template buffer with the content of an attribute value of a PKCS#11 object. Commits e031c4e562023fd9f199e39fd2e85797e4cbdca9, 16926d5a46934c46e6656246b4fc18385a246900, and 149e8d7ecc4ef8bb00ab4a37fd2ccede6d79e1ca contain patches and are anticipated to be part of version 4.11.0.

Affected Products
Vendor
OP-TEE
Product
optee_os
Versions
Affected
  • >= 3.13.0, <= 4.10.0
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125: Out-of-bounds Read
CWECWE-787CWE-787: Out-of-bounds Write
Type: CWE
CWE ID: CWE-125
Description: CWE-125: Out-of-bounds Read
Type: CWE
CWE ID: CWE-787
Description: CWE-787: Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.18.7HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Version: 3.1
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/OP-TEE/optee_os/security/advisories/GHSA-8cqw-mg7v-c9p9
x_refsource_CONFIRM
https://github.com/OP-TEE/optee_os/commit/149e8d7ecc4ef8bb00ab4a37fd2ccede6d79e1ca
x_refsource_MISC
https://github.com/OP-TEE/optee_os/commit/16926d5a46934c46e6656246b4fc18385a246900
x_refsource_MISC
https://github.com/OP-TEE/optee_os/commit/e031c4e562023fd9f199e39fd2e85797e4cbdca9
x_refsource_MISC
Hyperlink: https://github.com/OP-TEE/optee_os/security/advisories/GHSA-8cqw-mg7v-c9p9
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/OP-TEE/optee_os/commit/149e8d7ecc4ef8bb00ab4a37fd2ccede6d79e1ca
Resource:
x_refsource_MISC
Hyperlink: https://github.com/OP-TEE/optee_os/commit/16926d5a46934c46e6656246b4fc18385a246900
Resource:
x_refsource_MISC
Hyperlink: https://github.com/OP-TEE/optee_os/commit/e031c4e562023fd9f199e39fd2e85797e4cbdca9
Resource:
x_refsource_MISC
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:24 Apr, 2026 | 03:16
Updated At:27 Apr, 2026 | 14:50

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in `entry_get_attribute_value()` in `ta/pkcs11/src/object.c` can lead to out-of-bounds read from the PKCS#11 TA heap or a crash. When chained with the OOB read, the PKCS#11 TA function `PKCS11_CMD_GET_ATTRIBUTE_VALUE` or `entry_get_attribute_value()` can, with a bad template parameter, be tricked into reading at most 7 bytes beyond the end of the template buffer and writing beyond the end of the template buffer with the content of an attribute value of a PKCS#11 object. Commits e031c4e562023fd9f199e39fd2e85797e4cbdca9, 16926d5a46934c46e6656246b4fc18385a246900, and 149e8d7ecc4ef8bb00ab4a37fd2ccede6d79e1ca contain patches and are anticipated to be part of version 4.11.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.7HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Type: Secondary
Version: 3.1
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
CPE Matches
linaro
linaro
>>op-tee>>Versions from 3.13.0(inclusive) to 4.10.0(inclusive)
cpe:2.3:o:linaro:op-tee:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarysecurity-advisories@github.com
CWE-787Primarysecurity-advisories@github.com
CWE ID: CWE-125
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-787
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/OP-TEE/optee_os/commit/149e8d7ecc4ef8bb00ab4a37fd2ccede6d79e1casecurity-advisories@github.com
Patch
https://github.com/OP-TEE/optee_os/commit/16926d5a46934c46e6656246b4fc18385a246900security-advisories@github.com
Patch
https://github.com/OP-TEE/optee_os/commit/e031c4e562023fd9f199e39fd2e85797e4cbdca9security-advisories@github.com
Patch
https://github.com/OP-TEE/optee_os/security/advisories/GHSA-8cqw-mg7v-c9p9security-advisories@github.com
Patch
Vendor Advisory
Exploit
Hyperlink: https://github.com/OP-TEE/optee_os/commit/149e8d7ecc4ef8bb00ab4a37fd2ccede6d79e1ca
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/OP-TEE/optee_os/commit/16926d5a46934c46e6656246b4fc18385a246900
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/OP-TEE/optee_os/commit/e031c4e562023fd9f199e39fd2e85797e4cbdca9
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/OP-TEE/optee_os/security/advisories/GHSA-8cqw-mg7v-c9p9
Source: security-advisories@github.com
Resource:
Patch
Vendor Advisory
Exploit

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2019-1010298
Matching Score-6
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
ShareView Details
Matching Score-6
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
CVSS Score-9.8||CRITICAL
EPSS-5.46% / 90.23%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 17:20
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.

Action-Not Available
Vendor-linaroLinaro/OP-TEE
Product-op-teeOP-TEE
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-1010293
Matching Score-6
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
ShareView Details
Matching Score-6
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 62.84%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 17:29
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later.

Action-Not Available
Vendor-linaroLinaro/OP-TEE
Product-op-teeOP-TEE
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-1010295
Matching Score-6
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
ShareView Details
Matching Score-6
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
CVSS Score-9.8||CRITICAL
EPSS-0.46% / 64.14%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 17:25
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content. The component is: optee_os. The fixed version is: 3.4.0 and later.

Action-Not Available
Vendor-linaroLinaro/OP-TEE
Product-op-teeOP-TEE
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1010297
Matching Score-6
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
ShareView Details
Matching Score-6
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
CVSS Score-9.8||CRITICAL
EPSS-1.07% / 77.85%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 17:22
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later.

Action-Not Available
Vendor-linaroLinaro/OP-TEE
Product-op-teeOP-TEE
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-1010296
Matching Score-6
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
ShareView Details
Matching Score-6
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
CVSS Score-9.8||CRITICAL
EPSS-1.07% / 77.85%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 17:24
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.

Action-Not Available
Vendor-linaroLinaro/OP-TEE
Product-op-teeOP-TEE
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-1010292
Matching Score-6
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
ShareView Details
Matching Score-6
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 62.84%
||
7 Day CHG~0.00%
Published-16 Jul, 2019 | 13:18
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0.

Action-Not Available
Vendor-linaroLinaro/OP-TEE
Product-op-teeOP-TEE
CWE ID-CWE-787
Out-of-bounds Write
Details not found