DEBIAN-CVE-2026-45702

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2026-45702
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-45702.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2026-45702
Upstream
  • CVE-2026-45702
Published
2026-06-03T19:16:38.730Z
Modified
2026-06-11T09:05:42.839908153Z
Summary
[none]
Details

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.3.0 and prior to version 4.11.0, a type confusion vulnerability exists in OP-TEE OS when processing an FFAMEMSHARE request from the normal world. This only applies when OP-TEE is configured as an SPMC for S-EL0 SPs, that is, with CFG_CORE_SEL1_SPMC=y and CFG_SECURE_PARTITION=y. Version 4.11.0 fixes the issue.

References

Affected packages

Debian:13 / optee-os

Package

Name
optee-os
Purl
pkg:deb/debian/optee-os?arch=source&distro=trixie

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*
4.5.0-2
4.7.0-1
4.8.0-1
4.9.0-1
4.10.0-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-45702.json"

Debian:14 / optee-os

Package

Name
optee-os
Purl
pkg:deb/debian/optee-os?arch=source&distro=forky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*
4.5.0-2
4.7.0-1
4.8.0-1
4.9.0-1
4.10.0-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-45702.json"