Impact
The vulnerability is a type confusion in OP‑TEE OS’s Trusted Memory Manager. When the Secure Partition Manager (SPMC) receives an FFA_MEM_SHARE request from the normal world, the object type is incorrectly interpreted, causing the S‑EL1 kernel to panic. The flaw is identified as CWE‑843. Because the fault occurs in the kernel domain, the immediate consequence is a system crash, potentially causing denial of service to applications and services that rely on the normal‑world kernel.
Affected Systems
This issue affects OP‑TEE OS releases 4.3.0 through 4.10.x (inclusive), and only when the build is configured as an SPMC for S‑EL0 secure partitions, which requires both CFG_CORE_SEL1_SPMC=y and CFG_SECURE_PARTITION=y. The build must also be running on an ARM Cortex‑A core that supports TrustZone. Version 4.11.0 and later contain the fix.
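The exposure conditions above can be checked against a build's configuration. The following is an added example, not code from OP‑TEE or from this advisory; it assumes the build's settings are available as make-style CFG_ assignments and that the release is recorded in CFG_OPTEE_REVISION_MAJOR and CFG_OPTEE_REVISION_MINOR, and the sample input is constructed.

```python
import re

# Constructed sample; real input would be the build's generated CFG_ settings.
SAMPLE_CONF = """\
CFG_OPTEE_REVISION_MAJOR=4
CFG_OPTEE_REVISION_MINOR=10
CFG_CORE_SEL1_SPMC=y
CFG_SECURE_PARTITION ?= n
CFG_SECURE_PARTITION=y   # set by the platform
"""

# Assumption: make-style "NAME = value" lines, with the release recorded in
# CFG_OPTEE_REVISION_MAJOR / CFG_OPTEE_REVISION_MINOR.
ASSIGN = re.compile(r"^\s*(CFG_\w+)\s*(\?=|:=|=)\s*(.*?)\s*$")
REQUIRED = ("CFG_CORE_SEL1_SPMC", "CFG_SECURE_PARTITION")
FIRST_AFFECTED, FIRST_FIXED = (4, 3), (4, 11)  # 4.3.0 and 4.11.0 per the advisory


def parse_conf(text):
    """Return {name: value}; '?=' only sets a name that is still unset."""
    conf = {}
    for raw in text.splitlines():
        m = ASSIGN.match(raw.split("#", 1)[0])  # drop trailing comments
        if m and not (m.group(2) == "?=" and m.group(1) in conf):
            conf[m.group(1)] = m.group(3)
    return conf


def assess(text):
    """Return (verdict, reason) for one build configuration."""
    conf = parse_conf(text)
    off = [f for f in REQUIRED if conf.get(f) != "y"]
    if off:
        return "not affected", "not an S-EL0 SPMC build: " + ", ".join(off) + " != y"
    try:
        ver = (int(conf["CFG_OPTEE_REVISION_MAJOR"]),
               int(conf["CFG_OPTEE_REVISION_MINOR"]))
    except (KeyError, ValueError):
        return "unknown", "SPMC options enabled but release not found"
    if ver >= FIRST_FIXED:
        return "not affected", "release %d.%d contains the fix" % ver
    if ver < FIRST_AFFECTED:
        return "not affected", "release %d.%d predates 4.3.0" % ver
    return "affected", "release %d.%d built as SPMC; upgrade to 4.11.0 or later" % ver


if __name__ == "__main__":
    print(*assess(SAMPLE_CONF), sep=": ")
```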
Risk and Exploitability
The CVSS score of 4.4 reflects low‑medium impact. No EPSS score is available and the vulnerability is not listed in CISA KEV, so it is not known to be actively exploited. Exploitability is limited to systems that have OP‑TEE configured as an SPMC; an attacker must be able to trigger an FFA_MEM_SHARE command from the normal world, which is typically possible for local components or privileged applications. Because the flaw results only in a kernel panic, the threat profile is moderate; nevertheless, upgrading to the patched version is strongly recommended to avoid unplanned downtime.