CVE-2026-45702
A flaw was found in OP-TEE OS, a Trusted Execution Environment (TEE) for Arm Cortex-A cores. A type confusion vulnerability exists when OP-TEE OS processes an FFA_MEM_SHARE request from the normal world. This flaw can be exploited by a local attacker with high privileges when OP-TEE is configured as ...
CVE-2026-45702 OP-TEE has FF-A type confusion in SPMC tmem path that causes S-EL1 kernel panic
OP-TEE is a Trusted Execution Environment (TEE) designed as a companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. Starting in version 4.3.0 and prior to version 4.11.0, a type confusion vulnerability exists in OP-TEE OS when processing an FFA_MEM_SHARE...
PT-2026-46006
Name of the Vulnerable Software and Affected Versions: OP-TEE versions 3.16.0 through 4.10.x. Description: A use-after-free race condition exists in the shared memory teardown logic of FF-A within SPMC/SP flows. This occurs when OP-TEE is configured as an SPMC for S-EL0 SPs using CFG_SECURE...
Linux Distros Unpatched Vulnerability : CVE-2026-40290
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - OP-TEE is a Trusted Execution Environment (TEE) designed as a companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: arm64: Errata: Add a workaround for speculative unprivileged loads on Cortex-A520. Implement the workaround according to erratum 2966298 for ARM Cortex-A520. On an affected Cortex-A520 core, a speculative unprivileged load may le...
EUVD-2025-203819
Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to the UEFI-MM Boot Error Record Table driver that could result in (1) an out-of-bounds read which leaks Secure-EL0 information to a process...
CVE-2025-62863
Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to the UEFI-MM PCIe driver that could result in an out-of-bounds write within the PCIe driver's S-EL0 address space...
CVE-2025-62862
Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to the UEFI-MM Boot Error Record Table driver that could result in (1) an out-of-bounds read which leaks Secure-EL0 information to a process...
PT-2025-51754
Name of the Vulnerable Software and Affected Versions: Ampere AmpereOne AC03 versions prior to 3.5.9.3; Ampere AmpereOne AC04 versions prior to 4.4.5.2; Ampere AmpereOne M versions prior to 5.4.5.1. Description: The software contains a flaw related to an incorrectly formed SMC call to the UEFI-MM Boot...
SUSE CVE-2017-13218
Access to CNTVCT_EL0 in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear could be used for side channel attacks and this could lead to local information disclosure with no additional execution privileges needed in FSM9055, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M,...
CVE-2018-11847
CVE-2018-11847: A vulnerability where a malicious TA can tag QSEE kernel memory and map it into EL0, enabling corruption of physical memory and the QSEE kernel, effectively compromising the entire TEE. Affected platforms include Snapdragon Auto, Compute, Connectivity, Consumer Electronics Connect...
Multiple Qualcomm Product Input Validation Vulnerabilities (CNVD-2019-01714)
Qualcomm IPQ8074 and others are central processing unit (CPU) products from Qualcomm Incorporated for various platforms. Content Protection is one of the content protection components. An input validation vulnerability in Content Protection in multiple Qualcomm products can be exploited by a remote...
ARM Trusted Firmware Information Disclosure Vulnerability
ARM Trusted Firmware is an implementation of multiple ARM interface standards. An information disclosure vulnerability exists in ARM Trusted Firmware version 1.4 and earlier, which stems from the program's failure to initialize or save/restore the PMCR_EL0 register and can be exploited by an attacker ...
CVE-2017-15031
In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information...