Description
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.3.0 and prior to version 4.11.0, a resource leak exists in OP-TEE’s shared memory cleanup logic because the function `cleanup_shm_refs()` in `core/tee/entry_std.c` fails to apply a required bitmask (`OPTEE_MSG_ATTR_TYPE_MASK`) to parameter attributes. When processing non-contiguous memory parameters from a normal-world caller, the system fails to match the attribute type in its internal switch statement and skips the necessary mobj_put() call. This results in a persistent reference leak of `mobj_reg_shm` objects, which remain on internal lists with dangling refcounts. This affects non-FF-A configurations that support non-contiguous, non-secure shared memory. Over time, these accumulated leaks progressively consume the secure-world heap, degrading the system's ability to service trusted application operations and eventually requiring a reboot to recover. Version 4.11.0 contains a patch. No known workarounds are available.
Published: 2026-07-06
Score: 3.8 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A missing bitmask in OP‑TEE’s shared memory cleanup routine causes mobj reference objects to be retained instead of released, leading to a persistent memory leak. Over time these leaked objects consume the secure‑world heap, degrading the TEE’s ability to service trusted application operations and eventually necessitating a reboot to recover. The weakness is captured by CWE‑770: Excessive Allocation of Resources.

Affected Systems

OP-TEE OS versions from 3.3.0 up to 4.10.9 are affected in non‑FF‑A configurations that support non‑contiguous, non‑secure shared memory. The issue was fixed in version 4.11.0.

Risk and Exploitability

The CVSS score of 3.8 indicates low severity, the EPSS score is less than 1 % and the vulnerability is not listed in CISA KEV. The likely attack vector is through a local or privileged attacker in the normal world who can repeatedly allocate shared memory; this can trigger a denial‑of‑service via heap exhaustion. No remote code execution or privilege escalation is possible according to the current description.

Generated by OpenCVE AI on July 10, 2026 at 06:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OP‑TEE OS to version 4.11.0 or later to apply the patch
  • Plan periodic restarts of the TEE to clear any lingering mobj references and recover heap space
  • Monitor secure‑world heap usage and set alerts for abnormal growth to detect early signs of resource exhaustion

Generated by OpenCVE AI on July 10, 2026 at 06:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 06 Jul 2026 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Op-tee
Op-tee op-tee Os
Vendors & Products Op-tee
Op-tee op-tee Os

Mon, 06 Jul 2026 21:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 06 Jul 2026 19:45:00 +0000

Type Values Removed Values Added
Description OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.3.0 and prior to version 4.11.0, a resource leak exists in OP-TEE’s shared memory cleanup logic because the function `cleanup_shm_refs()` in `core/tee/entry_std.c` fails to apply a required bitmask (`OPTEE_MSG_ATTR_TYPE_MASK`) to parameter attributes. When processing non-contiguous memory parameters from a normal-world caller, the system fails to match the attribute type in its internal switch statement and skips the necessary mobj_put() call. This results in a persistent reference leak of `mobj_reg_shm` objects, which remain on internal lists with dangling refcounts. This affects non-FF-A configurations that support non-contiguous, non-secure shared memory. Over time, these accumulated leaks progressively consume the secure-world heap, degrading the system's ability to service trusted application operations and eventually requiring a reboot to recover. Version 4.11.0 contains a patch. No known workarounds are available.
Title OP-TEE has missing OPTEE_MSG_ATTR_TYPE_MASK in cleanup_shm_refs() leaks mobj references
Weaknesses CWE-770
References
Metrics cvssV3_1

{'score': 3.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L'}


Subscriptions

Op-tee Op-tee Os
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-07-06T20:51:23.274Z

Reserved: 2026-04-28T16:56:50.191Z

Link: CVE-2026-42546

cve-icon Vulnrichment

Updated: 2026-07-06T20:51:16.879Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-10T07:00:06Z

Weaknesses
  • CWE-770

    Allocation of Resources Without Limits or Throttling