Trustedfirmware Op-tee — known CVE vulnerabilities
Every CVE whose affected-product data names Trustedfirmware Op-tee, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (29)
CVE-2019-1010293 — CVSS 9.8 (critical): Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component…
CVE-2019-1010296 — CVSS 9.8 (critical): Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The…
CVE-2019-1010292 — CVSS 9.8 (critical): Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory…
CVE-2019-1010297 — CVSS 9.8 (critical): Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The…
CVE-2019-1010298 — CVSS 9.8 (critical): Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel)…
CVE-2019-1010295 — CVSS 9.8 (critical): Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content…
CVE-2019-25052 — CVSS 9.1 (critical): In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions…
CVE-2026-33317 — CVSS 8.7 (high): OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the…
CVE-2022-46152 — CVSS 8.2 (high): OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0, contain…
CVE-2021-44149 — CVSS 7.8 (high): An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks…
CVE-2026-40290 — CVSS 7.8 (high): OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the…
CVE-2026-33662 — CVSS 7.5 (high): OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the…
CVE-2016-6129 — CVSS 7.5 (high): The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message…
CVE-2019-1010294 — CVSS 7.5 (high): Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous…
CVE-2023-41325 — CVSS 7.4 (high): OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the…
CVE-2021-36133 — CVSS 7.1 (high): The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass…
CVE-2020-13799 — CVSS 6.8 (medium): Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple…
CVE-2022-47549 — CVSS 6.4 (medium): An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20…
CVE-2026-44362 — CVSS 5.5 (medium): OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the…
CVE-2026-40257 — CVSS 5.5 (medium): OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the…
CVE-2018-12437 — CVSS 4.9 (medium): LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or…
CVE-2026-45614 — CVSS 4.7 (medium): OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the…
CVE-2026-45702 — CVSS 4.4 (medium): OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the…
CVE-2026-53763 — CVSS 3.8 (low): OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the…
CVE-2026-42546 — CVSS 3.8 (low): OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the…
CVE-2026-41434 — CVSS 3.3 (low): OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the…
CVE-2026-41516 — CVSS 2.5 (low): OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the…
CVE-2026-41515 — CVSS 2.5 (low): OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the…
CVE-2026-41514 — CVSS 2.5 (low): OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the…