CVE-2026-42546
Received Received - Intake

Resource Leak in OP-TEE Shared Memory Cleanup

Vulnerability report for CVE-2026-42546, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-06

Last updated on: 2026-07-06

Assigner: GitHub, Inc.

Description

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.3.0 and prior to version 4.11.0, a resource leak exists in OP-TEE’s shared memory cleanup logic because the function `cleanup_shm_refs()` in `core/tee/entry_std.c` fails to apply a required bitmask (`OPTEE_MSG_ATTR_TYPE_MASK`) to parameter attributes. When processing non-contiguous memory parameters from a normal-world caller, the system fails to match the attribute type in its internal switch statement and skips the necessary mobj_put() call. This results in a persistent reference leak of `mobj_reg_shm` objects, which remain on internal lists with dangling refcounts. This affects non-FF-A configurations that support non-contiguous, non-secure shared memory. Over time, these accumulated leaks progressively consume the secure-world heap, degrading the system's ability to service trusted application operations and eventually requiring a reboot to recover. Version 4.11.0 contains a patch. No known workarounds are available.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-06
Last Modified
2026-07-06
Generated
2026-07-07
AI Q&A
2026-07-06
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
op-tee op-tee From 3.3.0 (inc) to 4.11.0 (exc)
op-tee op-tee 4.11.0
op-tee op-tee to 4.11.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a resource leak in OP-TEE's shared memory cleanup logic. Specifically, the function cleanup_shm_refs() fails to apply a required bitmask to parameter attributes when handling non-contiguous memory parameters from a normal-world caller. Because of this, the system skips a necessary cleanup call (mobj_put()), causing persistent reference leaks of certain memory objects (mobj_reg_shm). These leaked objects accumulate over time, consuming the secure-world heap and degrading system performance.

The issue affects OP-TEE versions starting from 3.3.0 up to but not including 4.11.0, particularly in non-FF-A configurations that support non-contiguous, non-secure shared memory. The vulnerability has a low severity rating with a CVSS score of 3.8 and requires local access with low privileges. It was patched in version 4.11.0.

Impact Analysis

This vulnerability can lead to progressive consumption of the secure-world heap due to leaked memory references. As these leaks accumulate, the system's ability to service trusted application operations degrades, potentially causing performance issues or failures in secure operations.

Eventually, the system may require a reboot to recover from the degraded state caused by the resource leak. Since no workarounds are available, affected systems must be updated to a patched version (4.11.0 or later) to resolve the issue.

Detection Guidance

This vulnerability involves a resource leak in OP-TEE's shared memory cleanup logic, specifically leaking mobj_reg_shm objects that accumulate over time and degrade the secure-world heap.

There are no specific detection commands or network-based detection methods provided in the available information.

Detection would likely require monitoring the secure-world heap usage or internal reference counts within OP-TEE, but no explicit commands or tools are mentioned.

Mitigation Strategies

The vulnerability is patched in OP-TEE version 4.11.0 and later.

Immediate mitigation involves upgrading OP-TEE to version 4.11.0 or a later patched release.

No known workarounds are available to mitigate this issue without applying the patch.

Until the patch is applied, be aware that the system may degrade over time and require a reboot to recover from the resource leak.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42546. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart