Op-tee

This hub aggregates every CVE we track for Op-tee, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Op-tee.

• CVE-2026-45702OP-TEE has FF-A type confusion in SPMC tmem path that causes S-EL1 kernel panic4.4Jun 3, 2026
• CVE-2026-45614OP-TEE vulnerable to ECDH private key recovery4.7Jun 3, 2026
• CVE-2026-40290OP-TEE has a Use-After-Free race in FF-A shared-memory teardown7.8Jun 3, 2026
• CVE-2026-33662OP-TEE: RSASSA EMSA- PKCS1-v1_5 underflow in emsa_pkcs1_v1_5_encode()7.5Apr 24, 2026
• CVE-2026-33317OP-TEE: PKCS#11 TA out-of-bounds read and memory disclosure8.7Apr 24, 2026
• CVE-2023-41325OP-TEE double free in shdr_verify_signature7.4Sep 15, 2023
• CVE-2022-47549An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature ve...6.4Dec 19, 2022
• CVE-2022-46152OP-TEE Trusted OS vulnerable to Improper Validation of Array Index in the cleanup_shm_refs function8.2Nov 29, 2022
• CVE-2021-44149An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, r...7.8Dec 7, 2021
• CVE-2021-36133The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/...7.1Dec 7, 2021
• CVE-2019-25052In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information.9.1Aug 11, 2021
• CVE-2020-13799Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions...6.8Nov 18, 2020
• CVE-2019-1010292Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fix...9.8Jul 16, 2019
• CVE-2019-1010293Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later.9.8Jul 15, 2019
• CVE-2019-1010294Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: optee_os. The fixed v...7.5Jul 15, 2019