CVE-2026-33317 - Vulnerability Analysis
High | CVSS: 8.7 | Last Updated: April 24, 2026
OP-TEE - Out of Bounds Read & Write
Published: April 24, 2026 | Updated: April 24, 2026
Overview
OP-TEE 3.13.0 through 4.10.0 contains an out-of-bounds read and write caused by missing checks in entry_get_attribute_value() in ta/pkcs11/src/object.c. Attackers can cause crashes or memory corruption; exploitation requires a crafted template parameter.
Severity & Score
Severity: High
CVSS Score: 8.7
Impact
Attackers can cause crashes or memory corruption, potentially leading to denial of service or arbitrary code execution.
Mitigation
Update to version 4.11.0 or later.
References
- https://github.com/OP-TEE/optee_os/commit/e031c4e562023fd9f199e39fd2e85797e4cbdca9
- https://github.com/OP-TEE/optee_os/security/advisories/GHSA-8cqw-mg7v-c9p9
- https://github.com/OP-TEE/optee_os/commit/149e8d7ecc4ef8bb00ab4a37fd2ccede6d79e1ca
- https://github.com/OP-TEE/optee_os/commit/16926d5a46934c46e6656246b4fc18385a246900
Details
- CVE ID: CVE-2026-33317
- Severity: High
- CVSS Score: 8.7
- Type: out_of_bounds_rw
- Status: new
CWE
- CWE-125
CVSS Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L