PT-2025-27951 · Op Tee · Op-Tee

Published: 2025-07-04 · Updated: 2026-04-03

CVE-2025-46733

CVSS v3.1: 7.9 High (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L)

Name of the Vulnerable Software and Affected Versions

OP-TEE versions prior to commit 941a58d78c99c4754fbd4ec3079ec9e1d596af8f

Description

OP-TEE, a Trusted Execution Environment (TEE) designed for Arm Cortex-A cores using TrustZone technology, has an issue where a malicious tee-supplicant binary running in REE userspace can trigger a panic in a Trusted Application (TA) utilizing the libutee Secure Storage API. This occurs because return codes from secure storage operations are passed unsanitized through multiple layers – from the REE tee-supplicant, through the Linux kernel tee-driver, through the OP-TEE kernel, and back to libutee. An attacker with REE userspace access can replace the legitimate tee-supplicant with a malicious one, sending unexpected response codes to storage requests, causing the TA to panic. This is particularly impactful for TAs configured with TA_FLAG_SINGLE_INSTANCE and TA_FLAG_INSTANCE_KEEP_ALIVE, as their behavior may rely on preserved memory between sessions. A critical example is the optee_ftpm TA, where an attacker could reset Platform Configuration Register (PCR) values, potentially falsifying boot measurements and accessing sealed data. The impact ranges from denial of service to sensitive data disclosure, depending on the affected TA.

Recommendations

Update OP-TEE to a version including commit 941a58d78c99c4754fbd4ec3079ec9e1d596af8f.
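
The weakness class in the description, shown as an added example (not code from OP-TEE or from the referenced commit): a result code arriving from the normal world is checked against the set the TA-side storage wrapper expects before it is forwarded. The function names and the allowed set for an "open object" call are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef uint32_t TEE_Result;
/* Values as defined by the GlobalPlatform TEE Internal Core API. */
#define TEE_SUCCESS                     0x00000000u
#define TEE_ERROR_CORRUPT_OBJECT        0xF0100001u
#define TEE_ERROR_STORAGE_NOT_AVAILABLE 0xF0100003u
#define TEE_ERROR_ACCESS_CONFLICT       0xFFFF0003u
#define TEE_ERROR_ITEM_NOT_FOUND        0xFFFF0008u
#define TEE_ERROR_OUT_OF_MEMORY         0xFFFF000Cu

/* Assumed set of results a TA-side "open object" wrapper tolerates. */
static const TEE_Result open_allowed[] = {
    TEE_SUCCESS, TEE_ERROR_ITEM_NOT_FOUND, TEE_ERROR_ACCESS_CONFLICT,
    TEE_ERROR_OUT_OF_MEMORY, TEE_ERROR_CORRUPT_OBJECT,
    TEE_ERROR_STORAGE_NOT_AVAILABLE,
};

static int in_allowed(TEE_Result res)
{
    for (size_t i = 0; i < sizeof(open_allowed) / sizeof(open_allowed[0]); i++)
        if (res == open_allowed[i])
            return 1;
    return 0;
}

/* Model of the TA-side behaviour the advisory describes: a result
 * outside the expected set makes the wrapper panic the TA. */
int ta_would_panic(TEE_Result res) { return !in_allowed(res); }

/* Hypothetical filter at the secure-world boundary: an untrusted result is
 * forwarded only if expected, otherwise mapped to an error the TA handles. */
TEE_Result sanitize_rpc_result(uint32_t untrusted)
{
    return in_allowed(untrusted) ? untrusted : TEE_ERROR_STORAGE_NOT_AVAILABLE;
}

int main(void)
{
    /* Constructed inputs; 0xFFFF0000 (TEE_ERROR_GENERIC) is a real code
     * that is still outside the assumed set for this call. */
    const uint32_t in[] = { TEE_SUCCESS, TEE_ERROR_ITEM_NOT_FOUND,
                            0xDEADBEEFu, 0xFFFF0000u };
    for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++)
        printf("0x%08X raw_panic=%d filtered=0x%08X\n", (unsigned)in[i],
               ta_would_panic(in[i]), (unsigned)sanitize_rpc_result(in[i]));
    return 0;
}
```

The fallback is deliberately a member of the allowed set: mapping unknown values to a generic error that the wrapper does not expect would leave the panic reachable.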

Exploit

Fix

Weakness Enumeration

Improper Handling of Exceptional Conditions

Related Identifiers

CVE-2025-46733
GHSA-F35R-HM2M-P6C3

Affected Products

Op-Tee