Cyber Resilience

CVE-2026-33317

High · Public PoC · Updated

Published: 24 April 2026

Modified: 05 June 2026
KEV Added
Patch
CVSS Score v3.1: 8.7 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L)
EPSS Score: 0.0018 (8.1th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-33317 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in TrustedFirmware OP-TEE. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 8.1th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-33317 affects OP-TEE, a Trusted Execution Environment (TEE) designed as a companion to a non-secure Linux kernel on Arm Cortex-A cores using TrustZone technology. The vulnerability stems from missing checks in the `entry_get_attribute_value()` function located in `ta/pkcs11/src/object.c`, present in versions 3.13.0 through 4.10.0. This flaw enables an out-of-bounds (OOB) read from the PKCS#11 Trusted Application (TA) heap, potentially causing a crash. When chained with the OOB read, the PKCS#11 TA functions `PKCS11_CMD_GET_ATTRIBUTE_VALUE` or `entry_get_attribute_value()` can be exploited using a malformed template parameter to read at most 7 bytes beyond the end of the template buffer and write beyond the buffer's end using content from a PKCS#11 object attribute value. It is associated with CWE-125 (OOB read) and CWE-787 (OOB write), with a CVSS v3.1 base score of 8.7 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L).

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. The changed scope (S:C) means the impact crosses security boundaries, enabling high confidentiality and integrity effects (such as unauthorized disclosure or modification of sensitive data in the TEE) alongside low availability impact from potential crashes.

Mitigation is provided through patches in OP-TEE commits e031c4e562023fd9f199e39fd2e85797e4cbdca9, 16926d5a46934c46e6656246b4fc18385a246900, and 149e8d7ecc4ef8bb00ab4a37fd2ccede6d79e1ca, which are anticipated to be included in version 4.11.0. Additional details are available in the GitHub Security Advisory at GHSA-8cqw-mg7v-c9p9 and the referenced commit pages.
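The class of check the description says was missing, as an added example (this is not OP-TEE's code and not the upstream patch): a bounds-checked walk over a serialized attribute template. The 8-byte `attr_head` layout and every name below are assumptions made for illustration; under that layout, a 1-byte remainder is exactly the case where an unchecked header copy would read 7 bytes past the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Assumed layout (illustration only): each entry is an 8-byte header
 * (32-bit id, 32-bit payload size) followed by `size` payload bytes. */
struct attr_head { uint32_t id; uint32_t size; };
enum tmpl_status { TMPL_OK = 0, TMPL_TRUNCATED_HEAD, TMPL_PAYLOAD_OVERRUN };

/* Walk `len` bytes of template without touching memory outside the buffer. */
enum tmpl_status validate_template(const uint8_t *buf, size_t len, size_t *count)
{
    size_t off = 0;
    *count = 0;
    while (off < len) {
        struct attr_head h;
        size_t left = len - off;
        /* "off < len" alone is not enough: a full header must fit. */
        if (left < sizeof(h))
            return TMPL_TRUNCATED_HEAD;
        memcpy(&h, buf + off, sizeof(h));   /* buffer may be unaligned */
        /* Compare against the space left; no addition that could wrap. */
        if (h.size > left - sizeof(h))
            return TMPL_PAYLOAD_OVERRUN;
        off += sizeof(h) + h.size;
        (*count)++;
    }
    return TMPL_OK;
}

/* Write one header (constructed test data); returns the offset after it. */
static size_t put_entry(uint8_t *buf, size_t off, uint32_t id, uint32_t size)
{
    struct attr_head h = { id, size };
    memcpy(buf + off, &h, sizeof(h));
    return off + sizeof(h);
}

int main(void)
{
    uint8_t buf[32] = {0};
    size_t n = 0;
    size_t len = put_entry(buf, 0, 0x1, 4) + 4;   /* 12 bytes, well formed */
    printf("well formed:   %d\n", validate_template(buf, len, &n));
    printf("1 stray byte:  %d\n", validate_template(buf, len + 1, &n));
    put_entry(buf, 0, 0x1, 64);                   /* size exceeds the buffer */
    printf("oversize attr: %d\n", validate_template(buf, len, &n));
    return 0;
}
```

Running every caller-supplied template through a validator of this kind before any attribute value is copied into it is the input-validation control (SI-10) the page names.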

Vulnerability details

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in `entry_get_attribute_value()` in `ta/pkcs11/src/object.c` can lead to out-of-bounds read from the PKCS#11 TA heap or a crash. When chained with the OOB read, the PKCS#11 TA function `PKCS11_CMD_GET_ATTRIBUTE_VALUE` or `entry_get_attribute_value()` can, with a bad template parameter, be tricked into reading at most 7 bytes beyond the end of the template buffer and writing beyond the end of the template buffer with the content of an attribute value of a PKCS#11 object. Commits e031c4e562023fd9f199e39fd2e85797e4cbdca9, 16926d5a46934c46e6656246b4fc18385a246900, and 149e8d7ecc4ef8bb00ab4a37fd2ccede6d79e1ca contain patches and are anticipated to be part of version 4.11.0.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1212 Exploitation for Credential Access (tactic: Credential Access)
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
Why these techniques?

A local OOB read/write in the OP-TEE PKCS#11 TA crosses the REE/TEE security boundary (S:C), directly enabling exploitation for privilege escalation to access secure-world data and for credential access by leaking or modifying sensitive PKCS#11 object attributes or heap contents.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-33662 (Same product: TrustedFirmware OP-TEE)
CVE-2026-40290 (Same product: TrustedFirmware OP-TEE)
CVE-2026-34876 (Same vendor: TrustedFirmware)
CVE-2025-24196 (Shared CWE-125)
CVE-2025-21687 (Shared CWE-125, CWE-787)
CVE-2026-31449 (Shared CWE-125)
CVE-2024-57928 (Shared CWE-125)
CVE-2026-34875 (Same vendor: TrustedFirmware)
CVE-2024-51729 (Shared CWE-787)
CVE-2022-49560 (Shared CWE-125)

Affected Assets

trustedfirmware op-tee, versions 3.13.0 through 4.10.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires validation of inputs like template parameters to enforce bounds checking, directly preventing OOB reads and writes in entry_get_attribute_value().

prevent

Implements memory protection mechanisms to safeguard the PKCS#11 TA heap against unauthorized OOB access and exploitation.

prevent

Mandates timely flaw remediation through application of OP-TEE patches that add missing checks to fix the vulnerability.
