Op-Tee Optee Os vulnerabilities

CVE-2025-46733 [HIGH] CWE-755 CVE-2025-46733: OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel r OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In version 4.5.0, using a specially crafted tee-supplicant binary running in REE userspace, an attacker can trigger a panic in a TA that uses the libutee Secure Storage API. Many functions in

CVE-2023-41325 [MEDIUM] CWE-415 CVE-2023-41325: OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel r OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can make a double free. `shdr_verify_signature` used to verify a TA binary before it is loaded. To verify a signa

CVE-2022-46152 [HIGH] CWE-129 CVE-2022-46152: OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environme OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0, contain an Improper Validation of Array Index vulnerability. The function `cleanup_shm_refs()` is called by both `entry_invoke_command()` and `entry_open_session()`. The commands `OPTEE_MSG_CMD_OPEN_SESSION` and `OPTEE_MSG_