OP-TEE Vulnerability Exposes TrustZone to OOB Reads, Crashes

The National Vulnerability Database has disclosed CVE-2026-33317, a high-severity vulnerability affecting OP-TEE versions 3.13.0 through 4.10.0. OP-TEE is a Trusted Execution Environment (TEE) designed to run alongside a non-secure Linux kernel on Arm Cortex-A cores utilizing TrustZone technology. The flaw is a missing check in entry_get_attribute_value() within the PKCS#11 TA, and it allows out-of-bounds reads from the PKCS#11 TA heap or system crashes.

Specifically, a crafted template parameter can trick the PKCS11_CMD_GET_ATTRIBUTE_VALUE function into reading up to 7 bytes beyond the template buffer and writing beyond it with PKCS#11 object attribute values. This isn’t just a denial-of-service; an out-of-bounds read in a TEE context is critical. It can lead to information disclosure from the secure world, potentially exposing sensitive data or even enabling further exploitation for privilege escalation within the TEE.
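
The two bounds checks a template walker needs before it reads or fills any entry, as an added example in C that is not OP-TEE's code or the upstream fix. The entry layout (an 8-byte header holding a 32-bit id and a 32-bit size, followed by the value), the name check_template and the sample buffers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed entry layout (illustrative, not taken from the advisory):
 * [id: u32 LE][size: u32 LE][size bytes of value]. */
#define HEAD_SIZE 8u
#define BAD_TEMPLATE (-1)

static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/*
 * Validate a caller-supplied template before any entry is read or filled.
 * Returns the number of entries, or BAD_TEMPLATE if a header or a value
 * slot would cross the end of buf[0..len).
 */
int check_template(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int entries = 0;

    while (off < len) {
        size_t remaining = len - off;
        uint32_t size;
        /* Check 1: a whole header must fit. With only 1..7 bytes left,
         * decoding the header would read past the buffer. */
        if (remaining < HEAD_SIZE)
            return BAD_TEMPLATE;
        size = rd32le(buf + off + 4);
        /* Check 2: the declared value slot must fit. Comparing against
         * the space left keeps off + size from wrapping around. */
        if (size > remaining - HEAD_SIZE)
            return BAD_TEMPLATE;
        off += HEAD_SIZE + size;
        entries++;
    }
    return entries;
}

/* Constructed sample: two well-formed entries (4-byte and 0-byte values),
 * then 7 bytes used only to form truncated tails of 1..7 bytes. */
const uint8_t sample[27] = { 1,0,0,0, 4,0,0,0, 0xAA,0xBB,0xCC,0xDD,
                             2,0,0,0, 0,0,0,0,  3,0,0,0, 1,0,0 };
/* Constructed sample: size field claims 255 bytes in a 12-byte buffer. */
const uint8_t oversize[12] = { 1,0,0,0, 0xFF,0,0,0, 0,0,0,0 };
```

Running the check over the whole template before the first write also avoids leaving a half-filled template behind when a later entry turns out to be malformed.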

The CVSS score of 8.7 (High) underscores the severity. For defenders, the implications are clear: compromise of the TEE fundamentally undermines the security guarantees of the entire system. Patches are anticipated in version 4.11.0, with specific commits already identified. Organizations deploying Arm-based systems relying on OP-TEE must prioritize updating to mitigate this significant risk.

What This Means For You

  • If your organization utilizes Arm Cortex-A devices with OP-TEE (versions 3.13.0 through 4.10.0), you are exposed to a critical vulnerability that could lead to information disclosure from your Trusted Execution Environment. This isn't theoretical; it's a direct threat to the integrity of your secure processing. Immediately identify all affected systems and plan for urgent patching to version 4.11.0 or apply the identified commits. A compromised TEE means your root of trust is shattered.

Indicators of Compromise

| ID | Type | Indicator |
| --- | --- | --- |
| CVE-2026-33317 | Information Disclosure | OP-TEE versions 3.13.0 through 4.10.0 |
| CVE-2026-33317 | DoS | OP-TEE versions 3.13.0 through 4.10.0 |
| CVE-2026-33317 | Out-of-bounds Read | OP-TEE: missing checks in `entry_get_attribute_value()` in `ta/pkcs11/src/object.c` |
| CVE-2026-33317 | Out-of-bounds Read | OP-TEE: `PKCS11_CMD_GET_ATTRIBUTE_VALUE` or `entry_get_attribute_value()` function in PKCS#11 TA |

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: April 24, 2026 at 06:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
