#1138880 optee-os: CVE-2026-45702

Package:
src:optee-os
Source:
src:optee-os
Submitter:
Salvatore Bonaccorso
Date:
2026-06-23 16:37:04 UTC
Severity:
normal
Tags:
#1138880#5
Date:
2026-06-05 04:37:01 UTC
From:
To:
Hi,

The following vulnerability was published for optee-os.

CVE-2026-45702[0]:
| OP-TEE is a Trusted Execution Environment (TEE) designed as
| companion to a non-secure Linux kernel running on Arm Cortex-A
| cores using the TrustZone technology. Starting in version 4.3.0 and
| prior to version 4.11.0, a type confusion vulnerability exists in
| OP-TEE OS when processing an FFA_MEM_SHARE request from the normal
| world. This only applies when OP-TEE is configured as an SPMC for
| S-EL0 SPs, that is, with `CFG_CORE_SEL1_SPMC=y` and
| `CFG_SECURE_PARTITION=y`. Version 4.11.0 fixes the issue.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-45702
https://www.cve.org/CVERecord?id=CVE-2026-45702
[1] https://github.com/OP-TEE/optee_os/security/advisories/GHSA-86pj-8xgw-66p5

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

#1138880#8
Date:
2026-06-23 15:57:15 UTC
From:
To:
Hello,

Bug #1138880 in optee-os reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/debian/optee-os/-/commit/2751f6b84370eeefe01ff1189f7a14fb777ad81d
Signed-off-by: Dylan Aïssi <dylan.aissi@collabora.com>
------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/1138880

#1138880#15
Date:
2026-06-23 16:35:35 UTC
From:
To:
We believe that the bug you reported is fixed in the latest version of
optee-os, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1138880@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dylan Aïssi <daissi@debian.org> (supplier of updated optee-os package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Tue, 23 Jun 2026 18:14:28 +0200
Source: optee-os
Architecture: source
Version: 4.10.0-2
Distribution: unstable
Urgency: medium
Maintainer: Dylan Aïssi <daissi@debian.org>
Changed-By: Dylan Aïssi <daissi@debian.org>
Closes: 1138878 1138879 1138880
Changes:
 optee-os (4.10.0-2) unstable; urgency=medium
 .
   * Import upstream patches fixing:
     - CVE-2026-40290 (Closes: #1138878)
     - CVE-2026-45614 (Closes: #1138879)
     - CVE-2026-45702 (Closes: #1138880)