CVE-2026-42546: CWE-770: Allocation of Resources Without Limits or Throttling in OP-TEE optee_os
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.3.0 and prior to version 4.11.0, a resource leak exists in OP-TEE’s shared memory cleanup logic because the function `cleanup_shm_refs()` in `core/tee/entry_std.c` fails to apply a required bitmask (`OPTEE_MSG_ATTR_TYPE_MASK`) to parameter attributes. When processing non-contiguous memory parameters from a normal-world caller, the system fails to match the attribute type in its internal switch statement and skips the necessary mobj_put() call. This results in a persistent reference leak of `mobj_reg_shm` objects, which remain on internal lists with dangling refcounts. This affects non-FF-A configurations that support non-contiguous, non-secure shared memory. Over time, these accumulated leaks progressively consume the secure-world heap, degrading the system's ability to service trusted application operations and eventually requiring a reboot to recover. Version 4.11.0 contains a patch. No known workarounds are available.
AI Analysis
Technical Summary
OP-TEE's optee_os versions starting from 3.3.0 up to before 4.11.0 contain a resource leak in the shared memory cleanup logic. The function cleanup_shm_refs() fails to apply the required bitmask OPTEE_MSG_ATTR_TYPE_MASK to parameter attributes. This causes the system to skip the necessary mobj_put() call when processing non-contiguous memory parameters from a normal-world caller, resulting in persistent reference leaks of mobj_reg_shm objects. These leaked objects accumulate on internal lists with dangling reference counts, progressively consuming secure-world heap memory and degrading the system's ability to service trusted application operations. The issue affects non-FF-A configurations supporting non-contiguous, non-secure shared memory. The vulnerability is patched in version 4.11.0. No workarounds are known.
Potential Impact
The vulnerability causes a resource leak that progressively consumes secure-world heap memory, leading to degraded performance and eventual inability to service trusted application operations. This condition ultimately requires a system reboot to recover. There is no impact on confidentiality or integrity, only availability is affected. No known exploits exist in the wild.
Mitigation Recommendations
Version 4.11.0 of optee_os contains a patch that fixes this resource leak vulnerability. Users should upgrade to version 4.11.0 or later to remediate the issue. No workarounds are available. Patch status is not explicitly confirmed beyond the mention of the fix in 4.11.0; verify with the vendor advisory for current remediation guidance.
CVE-2026-42546: CWE-770: Allocation of Resources Without Limits or Throttling in OP-TEE optee_os
Description
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.3.0 and prior to version 4.11.0, a resource leak exists in OP-TEE’s shared memory cleanup logic because the function `cleanup_shm_refs()` in `core/tee/entry_std.c` fails to apply a required bitmask (`OPTEE_MSG_ATTR_TYPE_MASK`) to parameter attributes. When processing non-contiguous memory parameters from a normal-world caller, the system fails to match the attribute type in its internal switch statement and skips the necessary mobj_put() call. This results in a persistent reference leak of `mobj_reg_shm` objects, which remain on internal lists with dangling refcounts. This affects non-FF-A configurations that support non-contiguous, non-secure shared memory. Over time, these accumulated leaks progressively consume the secure-world heap, degrading the system's ability to service trusted application operations and eventually requiring a reboot to recover. Version 4.11.0 contains a patch. No known workarounds are available.
CVSS v3.1
Score 3.8low
Affected software
pkg:github/op-tee/optee_osRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
OP-TEE's optee_os versions starting from 3.3.0 up to before 4.11.0 contain a resource leak in the shared memory cleanup logic. The function cleanup_shm_refs() fails to apply the required bitmask OPTEE_MSG_ATTR_TYPE_MASK to parameter attributes. This causes the system to skip the necessary mobj_put() call when processing non-contiguous memory parameters from a normal-world caller, resulting in persistent reference leaks of mobj_reg_shm objects. These leaked objects accumulate on internal lists with dangling reference counts, progressively consuming secure-world heap memory and degrading the system's ability to service trusted application operations. The issue affects non-FF-A configurations supporting non-contiguous, non-secure shared memory. The vulnerability is patched in version 4.11.0. No workarounds are known.
Potential Impact
The vulnerability causes a resource leak that progressively consumes secure-world heap memory, leading to degraded performance and eventual inability to service trusted application operations. This condition ultimately requires a system reboot to recover. There is no impact on confidentiality or integrity, only availability is affected. No known exploits exist in the wild.
Mitigation Recommendations
Version 4.11.0 of optee_os contains a patch that fixes this resource leak vulnerability. Users should upgrade to version 4.11.0 or later to remediate the issue. No workarounds are available. Patch status is not explicitly confirmed beyond the mention of the fix in 4.11.0; verify with the vendor advisory for current remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-28T16:56:50.191Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a4c076827e9c7971920cba0
Added to database: 07/06/2026, 19:52:08 UTC
Last enriched: 07/06/2026, 20:07:23 UTC
Last updated: 07/07/2026, 03:23:43 UTC
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.