CVE-2025-46733: Improper Handling of Exceptional Conditions in Optee-os

Severity
7.9 HIGH (NVD)
EPSS
0.0%
top 91.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jul 4

Description

OP-TEE is a Trusted Execution Environment (TEE) designed as a companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. In version 4.5.0, using a specially crafted tee-supplicant binary running in REE userspace, an attacker can trigger a panic in a TA that uses the libutee Secure Storage API. Many functions in libutee, specifically those which make up the Secure Storage API, will panic if a system call returns an unexpected return code. This behavior is

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Exploitability: 2.0 | Impact: 5.3

Vulnerability Details

1
OSV
CVE-2025-46733: OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone
2025-07-04

Vendor Advisories

2
Debian
CVE-2025-46733: optee-os - OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-s...
2025
Microsoft
btrfs: fix qgroup reserve leaks in cow_file_range
2024-09-10