Skip to main content

OP-TEE EUVDEUVD-2026-41893

| CVE-2026-41434 LOW
Stack-based Buffer Overflow (CWE-121)
2026-07-06 GitHub_M
3.3
CVSS 3.1 · Vendor: GitHub_M

Severity by source

Vendor (GitHub_M) PRIMARY
3.3 LOW
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
vuln.today AI
3.3 LOW

Local-only attack requiring TEE client API access (AV:L, PR:L); crash of PKCS#11 TA yields limited availability impact only, no data exposure or integrity change.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

2
Patch available
Jul 06, 2026 - 19:02 EUVD
Analysis Generated
Jul 06, 2026 - 18:33 vuln.today

DescriptionCVE.org

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.10.0 and prior to version 4.11.0, an unbounded recursion can crash the PKCS#11 TA. Version 4.11.0 contains a patch. No known workarounds are available.

AnalysisAI

Stack exhaustion via unbounded recursion in the OP-TEE PKCS#11 Trusted Application allows a local low-privileged user to crash the TA, causing a denial of service within the TrustZone secure world. Affected versions span 3.10.0 through 4.10.x of optee_os running on Arm Cortex-A platforms with TrustZone enabled. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local low-privileged shell
Delivery
Invoke TEE client API toward PKCS#11 TA
Exploit
Send crafted recursive PKCS#11 request
Execution
Trigger unbounded recursion in TA
Persist
Exhaust secure-world stack
Impact
PKCS#11 TA crash (DoS)

Vulnerability AssessmentAI

Exploitation Exploitation requires local access to the system with at least low-privilege credentials (PR:L per CVSS vector). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score of 3.3 (Low) accurately reflects the constrained blast radius: the attack vector is Local (AV:L), complexity is Low (AC:L), privileges required are Low (PR:L), and impact is limited to Availability:Low with no confidentiality or integrity components. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user with standard (non-root) privileges on the Linux host calls the TEE client API to interact with the PKCS#11 TA and sends a specially crafted request that triggers unbounded recursive processing within the TA. The recursion exhausts the TA's fixed secure-world stack, causing a crash and rendering the PKCS#11 TA unavailable. …
Remediation Upgrade optee_os to version 4.11.0, which contains the patch for this vulnerability as confirmed by the GitHub Security Advisory GHSA-wh38-23ff-grff (https://github.com/OP-TEE/optee_os/security/advisories/GHSA-wh38-23ff-grff). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-41893 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy