PT-2026-34837 · Op Tee · Op-Tee

Etienne Carriere · Published 2026-04-24 · Updated 2026-04-25 · CVE-2026-33317

CVSS v3.1: 8.7 High

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions: OP-TEE versions 3.13.0 through 4.10.0

Description: Missing checks in the entry_get_attribute_value() function within ta/pkcs11/src/object.c can result in a crash or an out-of-bounds read from the PKCS#11 TA heap. If combined with an out-of-bounds read, the entry_get_attribute_value() function or the PKCS#11 TA function PKCS11_CMD_GET_ATTRIBUTE_VALUE can be manipulated using a malicious template parameter to read up to 7 bytes beyond the template buffer end and write attribute value content beyond the template buffer end.

Recommendations: Update to version 4.11.0.
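
The bounds checks this class of bug calls for, shown as an added example; it is not OP-TEE's code and not the 4.11.0 fix. The 8-byte entry header layout, the fill_template() function and the return codes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed entry layout (illustration only): 8-byte header, then `size` value bytes. */
struct attr_head {
    uint32_t id;
    uint32_t size;
};

enum rc { RC_OK = 0, RC_BAD_TEMPLATE, RC_BUFFER_TOO_SMALL };

/*
 * Fill every value slot of the caller-supplied template `tmpl` (`len` bytes)
 * with `val` (`val_len` bytes), a stand-in for the object's attribute value.
 * Nothing is read or written past tmpl + len.
 */
enum rc fill_template(uint8_t *tmpl, size_t len,
                      const uint8_t *val, uint32_t val_len, size_t *filled)
{
    size_t off = 0;

    *filled = 0;
    while (off < len) {
        struct attr_head head;
        size_t left = len - off;

        /* Check 1: a full header must remain. A 1..7 byte tail would
         * otherwise be parsed as a header, reading past the buffer end. */
        if (left < sizeof(head))
            return RC_BAD_TEMPLATE;
        memcpy(&head, tmpl + off, sizeof(head)); /* entries may be unaligned */

        /* Check 2: the declared slot must fit in what remains. Comparing
         * against left - sizeof(head) avoids any wrapping addition. */
        if (head.size > left - sizeof(head))
            return RC_BAD_TEMPLATE;

        /* Check 3: write only into a slot already proven in bounds. */
        if (val_len > head.size)
            return RC_BUFFER_TOO_SMALL;
        memcpy(tmpl + off + sizeof(head), val, val_len);

        off += sizeof(head) + head.size;
        (*filled)++;
    }
    return RC_OK;
}
```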

Out of bounds Read

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2026-33317

Affected Products

Op-Tee