CVE-2026-40290

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior to 4.11.0, a user-after-free UAF race condition exists in the shared memory teardown logic of FF-A...

Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: tee: Fix NULL pointer dereference in teeshmput teeshmput has a NULL pointer dereference: opteedisableshmcache shm = regpairtoptr...; // shm may return NULL teeshmfreeshm; teeshmputshm; // results in a crash Add a check in teeshmp...

Astra Linux - уязвимость в linux, linux-5.10

A use-after-free exists in the drivers/tee/teeshm.c file within the TEE subsystem of the Linux kernel, as of version 5.15.11. This issue arises due to a race condition during the teeshmgetfromid function, when attempting to free a shared memory object...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fixed the kernel panic caused by incorrect error handling. The error path when failing to register devices on the TEE bus contains a bug that leads to kernel panic. The details are as follows: 15.398930 Unable to hand...

CVE-2025-66660

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRVSOCCMDIDSRIOVCHECKTACOMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior...

EUVD-2025-209877

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRVSOCCMDIDSRIOVCHECKTACOMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior...

CVE-2025-66660

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRVSOCCMDIDSRIOVCHECKTACOMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior...

CVE-2025-66660

CVE-2025-66660 affects the TEE SOC Driver. Root cause: insufficient parameter sanitization that could let an attacker issue a malformed DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT, causing incorrect shared memory mapping and potentially leading to unexpected behavior. Exploitation is described as local ...

CVE-2026-0428

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRVSOCCMDIDSRIOVCOPYVFCHIPLETREGS to write invalid data to a remote Die, potentially resulting in unexpected behavior...

EUVD-2026-30500

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRVSOCCMDIDSRIOVCOPYVFCHIPLETREGS to write invalid data to a remote Die, potentially resulting in unexpected behavior...

CVE-2026-0428

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRVSOCCMDIDSRIOVCOPYVFCHIPLETREGS to write invalid data to a remote Die, potentially resulting in unexpected behavior...

PT-2026-41257

Insufficient parameter sanitization in AMD Secure Processor ASP TEE SOC Driver could allow an attacker to issue a malformed DRV SOC CMD ID LOAD GFX IP FW SR-IOV command to cause out-of-bounds read, potentially resulting in SOC Driver memory contents exposure or an exception...

PT-2026-41259

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV SOC CMD ID SRIOV COPY VF CHIPLET REGS to write invalid data to a remote Die, potentially resulting in unexpected behavior...

EUVD-2025-209749

In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: zynqmp: Add an OP-TEE node to the device tree" This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe. OP-TEE logic in U-Boot automatically injects a reserved-memory node along with optee firmware node to...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: tee: amdtee: fixed an issue where ISERR returned NULL instead of an error pointer. The getfreepages function does not return error pointers; it returns NULL instead. Therefore, this condition needs to be corrected to avoid NUL...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: tee: added a overflow check in registershmhelper When special lengths are provided by the user space, registershmhelper may cause an integer overflow when calculating the number of pages covered by a given user space memory regio...

CVE-2026-33662

OP-TEE (Trusted Execution Environment) has a concrete vulnerability in RSASSA PKCS#1 v1.5 padding. Affected versions are 3.8.0–4.10; the padding size (PS) is computed as modulus size minus digest/EMSA fields in emsa_pkcs1_v1_5_encode() (rsassa.c). If the modulus is small enough, this subtraction ...

SUSE CVE-2026-31507

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix double-free of smcspdpriv when tee duplicates splice pipe buffer smcrxsplice allocates one smcspdpriv per pipebuffer and stores the pointer in pipebuffer.private. The pipebufoperations for these buffers used .get =...

CVE-2026-31507

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SMC module. A local user can exploit this vulnerability by using the tee2 system call to duplicate a splice pipe buffer, leading to a double-free condition. This double-free can result in a use-after-free error and a kern...

EUVD-2026-24885

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix double-free of smcspdpriv when tee duplicates splice pipe buffer smcrxsplice allocates one smcspdpriv per pipebuffer and stores the pointer in pipebuffer.private. The pipebufoperations for these buffers used .get =...