Impact
A missing bitmask in OP‑TEE’s shared memory cleanup routine causes mobj reference objects to be retained instead of released, leading to a persistent memory leak. Over time these leaked objects consume the secure‑world heap, degrading the TEE’s ability to service trusted application operations and eventually necessitating a reboot to recover. The weakness is captured by CWE‑770: Excessive Allocation of Resources.
Affected Systems
OP-TEE OS versions from 3.3.0 up to 4.10.9 are affected in non‑FF‑A configurations that support non‑contiguous, non‑secure shared memory. The issue was fixed in version 4.11.0.
Risk and Exploitability
The CVSS score of 3.8 indicates low severity, the EPSS score is less than 1 % and the vulnerability is not listed in CISA KEV. The likely attack vector is through a local or privileged attacker in the normal world who can repeatedly allocate shared memory; this can trigger a denial‑of‑service via heap exhaustion. No remote code execution or privilege escalation is possible according to the current description.
OpenCVE Enrichment