2 matches found
CVE-2026-44362 OP-TEE's subkey rollback protection can be bypassed with older subkey versions
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20.0 and prior to version 4.11.0, a vulnerability in OP-TEE’s subkey rollback protection allows the use of revoked ...
CVE-2026-44362
OP-TEE (trusted execution environment for Arm TrustZone) has a vulnerability in subkey rollback protection affecting versions 3.20.0 through 4.10.x; during TA loading, shdr_load_pub_key() fails to propagate subkey_version into the runtime structure, so key->version stays zero. When check_updat...