CVE-2026-40290 Overview
CVE-2026-40290 is a use-after-free (UAF) race condition in OP-TEE, an open-source Trusted Execution Environment (TEE) for Arm Cortex-A cores that relies on TrustZone. The flaw is in the Firmware Framework for Arm (FF-A) shared memory teardown logic of OP-TEE's Secure Partition Manager Core (SPMC) and Secure Partition (SP) code paths. It affects OP-TEE versions 3.16.0 through 4.10.x when built with CFG_SECURE_PARTITION=y to host S-EL0 Secure Partitions; version 4.11.0 contains the fix. The weakness is classified as CWE-416 (Use After Free).
Critical Impact
A local attacker with low privileges can drive concurrent FF-A operations against the same shared memory object so that one code path frees list entries while another still dereferences them, corrupting heap memory inside the secure world.
Affected Products
- OP-TEE OS versions 3.16.0 through 4.10.x
- Configurations with CFG_SECURE_PARTITION=y acting as SPMC for S-EL0 SPs
- Arm Cortex-A platforms using TrustZone with FF-A secure partitions
Discovery Timeline
- 2026-06-03 - CVE-2026-40290 published to NVD
- 2026-06-03 - Last updated in NVD database
Technical Details for CVE-2026-40290
Vulnerability Analysis
The vulnerability stems from a missing lock acquisition during shared memory cleanup in the FF-A SPMC code path. sp_mem_remove() frees the entries of the smem->receivers and smem->regions linked lists, but it does so without holding the global sp_mem_lock before calling free() on them.
Other code paths walk the same lists under an inconsistent locking discipline: sp_mem_get_receiver() iterates without holding any lock, and sp_mem_is_shared() iterates while holding sp_mem_lock. Neither is serialized against the unprotected free() calls in sp_mem_remove(), because the destroyer never takes the lock they would contend on. This leaves a classic cross-thread race window.
In the affected sequence, one thread obtains a pointer to a struct sp_mem_map_region or struct sp_mem_receiver while iterating. A second thread runs sp_mem_remove() and frees that object. When the first thread resumes and dereferences the pointer, it reads or writes freed secure-world heap memory, which is the use-after-free.
Root Cause
The root cause is inconsistent synchronization. sp_mem_remove() mutates shared list structures and frees backing memory without holding sp_mem_lock, while reader paths either run lock-free or rely on the same lock that the destroyer ignores. The locking contract for smem->receivers and smem->regions is not enforced uniformly.
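The locking defect described above, as an added example that is not OP-TEE's code: a small single-threaded C model of the sp_mem receivers list in which sp_mem_lock is a flag and every free() is audited for whether the lock was held, the way a lockdep-style assertion in a debug build would. The struct layouts, the function bodies and the copy-out reader are hypothetical simplifications built around the names the text mentions (sp_mem, receivers, sp_mem_lock, sp_mem_remove, sp_mem_get_receiver); only the locking shape is the point. The fix shown is the one the text describes, serializing the destroyer under sp_mem_lock. The reader that copies the entry out instead of handing back a pointer is an additional design choice of this model, because a reader that keeps using a node after dropping the lock would reopen the same window.

```c
/* Added model of the locking contract behind CVE-2026-40290 (hypothetical,
 * not OP-TEE source). A flag stands in for sp_mem_lock so the run is
 * deterministic; free_receiver() counts frees done without the lock held. */
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

struct sp_lock { bool held; };
static struct sp_lock sp_mem_lock;
static void lock_acquire(struct sp_lock *l) { if (l->held) abort(); l->held = true; }
static void lock_release(struct sp_lock *l) { if (!l->held) abort(); l->held = false; }

struct sp_mem_receiver {
	uint16_t endpoint_id;           /* FF-A endpoint allowed to retrieve */
	uint8_t perm;                   /* access permission granted */
	struct sp_mem_receiver *next;
};
struct sp_mem { struct sp_mem_receiver *receivers; };
static unsigned unlocked_frees;     /* frees performed without sp_mem_lock */

static void free_receiver(struct sp_mem_receiver *r)
{
	if (!sp_mem_lock.held)
		unlocked_frees++;
	memset(r, 0xA5, sizeof(*r));    /* poison so a later deref is obvious */
	free(r);
}

static void sp_mem_add_receiver(struct sp_mem *smem, uint16_t id, uint8_t perm)
{
	struct sp_mem_receiver *r = calloc(1, sizeof(*r));
	if (!r) abort();
	r->endpoint_id = id;
	r->perm = perm;
	lock_acquire(&sp_mem_lock);
	r->next = smem->receivers;
	smem->receivers = r;
	lock_release(&sp_mem_lock);
}

/* Unlink and free every entry; whether this runs under sp_mem_lock is the
 * whole difference between the two remove variants below. */
static void sp_mem_teardown(struct sp_mem *smem)
{
	struct sp_mem_receiver *r = smem->receivers;
	smem->receivers = NULL;
	while (r) {
		struct sp_mem_receiver *next = r->next;
		free_receiver(r);
		r = next;
	}
}

/* Vulnerable shape: teardown with no lock, so a reader that located an
 * entry a moment earlier is left holding a dangling pointer. */
static void sp_mem_remove_vuln(struct sp_mem *smem)
{
	sp_mem_teardown(smem);
}

/* Fixed shape: the same teardown serialized under sp_mem_lock, so a reader
 * that takes the lock never sees a half-torn-down list or a freed node. */
static void sp_mem_remove_fixed(struct sp_mem *smem)
{
	lock_acquire(&sp_mem_lock);
	sp_mem_teardown(smem);
	lock_release(&sp_mem_lock);
}

/* Reader that copies the entry out under the lock instead of returning a
 * pointer into the list (a choice of this model): locking the destroyer
 * only helps if readers stop touching a node once they drop the lock. */
static bool sp_mem_get_receiver_copy(struct sp_mem *smem, uint16_t id,
				     struct sp_mem_receiver *out)
{
	bool found = false;
	lock_acquire(&sp_mem_lock);
	for (struct sp_mem_receiver *r = smem->receivers; r; r = r->next)
		if (r->endpoint_id == id) {
			*out = *r; out->next = NULL; found = true;
			break;
		}
	lock_release(&sp_mem_lock);
	return found;
}

/* Share with two receivers, look one up, then tear down with the chosen
 * remove. Returns how many frees ran without the lock: 2 vs 0. */
static unsigned run_scenario(bool use_fix)
{
	struct sp_mem smem = { .receivers = NULL };
	struct sp_mem_receiver copy;
	unlocked_frees = 0;
	sp_mem_add_receiver(&smem, 0x8001, 0x3);
	sp_mem_add_receiver(&smem, 0x8002, 0x1);
	if (!sp_mem_get_receiver_copy(&smem, 0x8002, &copy) || copy.perm != 0x1)
		abort();
	if (use_fix) sp_mem_remove_fixed(&smem); else sp_mem_remove_vuln(&smem);
	return unlocked_frees;
}
```

run_scenario(false) reports 2 frees without the lock (one per receiver) and run_scenario(true) reports 0. The audit counter is the deterministic stand-in for what a real race shows only intermittently; on hardware the same pattern surfaces as a secure-world panic or silent heap corruption rather than a counter.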
Attack Vector
Exploitation requires local, low-privileged access that can issue FF-A memory management calls, either from a Secure Partition or from a normal-world client. An attacker schedules concurrent FF-A operations that share and reclaim memory regions so that sp_mem_remove() races sp_mem_get_receiver() or sp_mem_is_shared(). Successful exploitation corrupts secure-world heap state and can be leveraged against the confidentiality, integrity, and availability of the TEE. See the OP-TEE GitHub Security Advisory for vendor details.
Detection Methods for CVE-2026-40290
Indicators of Compromise
- Unexpected OP-TEE panics, aborts, or secure-world crashes during FF-A memory share or reclaim operations
- Kernel log entries showing SMC errors or SPMC faults correlated with high-frequency memory share or unshare calls
- Anomalous patterns of FFA_MEM_SHARE, FFA_MEM_RECLAIM, or FFA_MEM_RETRIEVE_REQ invocations from a single client
Detection Strategies
- Audit build configurations for CFG_SECURE_PARTITION=y and inventory devices running OP-TEE versions 3.16.0 through 4.10.x
- Build OP-TEE test images with the core's address sanitizer (CFG_CORE_SANITIZE_KADDRESS=y) or other heap-debugging options, then stress the FF-A share and reclaim paths concurrently to surface use-after-free accesses that a release build would only show as intermittent crashes
- Correlate secure-world crash telemetry with normal-world FF-A call traces to identify race-triggering sequences
Monitoring Recommendations
- Collect and centralize OP-TEE serial console logs and kernel TEE driver logs for anomaly review
- Monitor for repeated client-driven FF-A memory operations that target the same handle from multiple threads
- Track device firmware versions across the fleet to confirm OP-TEE 4.11.0 or later is deployed
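One way to implement the monitoring rule above (repeated share and reclaim calls on one handle from several threads), as an added example that is not part of the page or of any OP-TEE tooling. It assumes the normal-world FF-A driver can emit a per-call record carrying a timestamp, the calling thread id, the FF-A function name and the memory handle (a hypothetical tracepoint; the struct layout, the 1 ms window and the two-hit threshold are assumptions), and runs a simple detector over a constructed trace. It does not parse a real log format.

```c
/* Added detection sketch (not from OP-TEE or any vendor tooling) for the
 * "same handle touched from several threads" pattern. The record layout and
 * the 1 ms window are assumptions; the sample trace below is constructed. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

struct ffa_trace {
	uint64_t t_us;        /* call timestamp, microseconds, ascending order */
	uint32_t tid;         /* normal-world thread that issued the call */
	const char *op;       /* FFA_MEM_SHARE, FFA_MEM_RECLAIM, FFA_MEM_RETRIEVE_REQ */
	uint64_t handle;      /* FF-A memory handle */
};

#define WINDOW_US   1000U /* assumed: ops this close from other threads overlap */
#define MIN_HITS    2     /* flag once this many cross-thread share/reclaims seen */
#define MAX_HANDLES 32
#define MAX_TIDS    8

struct handle_state {
	uint64_t handle;
	uint32_t tids[MAX_TIDS];
	unsigned ntids, hits;
	bool have_prev;
	uint64_t prev_us; uint32_t prev_tid;
};

static struct handle_state *lookup(struct handle_state *tbl, unsigned *n, uint64_t h)
{
	for (unsigned i = 0; i < *n; i++)
		if (tbl[i].handle == h)
			return &tbl[i];
	if (*n == MAX_HANDLES) return NULL;
	memset(&tbl[*n], 0, sizeof(tbl[*n]));
	tbl[*n].handle = h;
	return &tbl[(*n)++];
}

/* Share and reclaim create and tear down the per-share lists; only they count. */
static bool is_list_mutating(const char *op)
{
	return !strcmp(op, "FFA_MEM_SHARE") || !strcmp(op, "FFA_MEM_RECLAIM");
}

/* A hit is a share/reclaim on a handle from a different thread than the
 * previous op on it, within WINDOW_US. Returns the flagged-handle count. */
static unsigned detect_cross_thread_churn(const struct ffa_trace *ev, size_t n,
					  uint64_t *out, unsigned out_max)
{
	struct handle_state tbl[MAX_HANDLES];
	unsigned ntbl = 0, flagged = 0;
	for (size_t i = 0; i < n; i++) {
		struct handle_state *s = lookup(tbl, &ntbl, ev[i].handle);
		bool seen = false;
		if (!s)
			continue;
		for (unsigned k = 0; k < s->ntids; k++)
			seen |= (s->tids[k] == ev[i].tid);
		if (!seen && s->ntids < MAX_TIDS)
			s->tids[s->ntids++] = ev[i].tid;
		if (s->have_prev && ev[i].tid != s->prev_tid &&
		    ev[i].t_us - s->prev_us <= WINDOW_US && is_list_mutating(ev[i].op))
			s->hits++;
		s->have_prev = true;
		s->prev_us = ev[i].t_us;
		s->prev_tid = ev[i].tid;
	}
	for (unsigned i = 0; i < ntbl; i++)
		if (tbl[i].ntids >= 2 && tbl[i].hits >= MIN_HITS) {
			if (flagged < out_max)
				out[flagged] = tbl[i].handle;
			flagged++;
		}
	return flagged;
}

/* Constructed sample: 0x10 is driven by two threads in lock-step, 0x20 by
 * one thread, 0x30 by two threads but seconds apart. Only 0x10 is flagged. */
static const struct ffa_trace sample_trace[] = {
	{ 1000,    7, "FFA_MEM_SHARE",        0x10 },
	{ 1050,    9, "FFA_MEM_RECLAIM",      0x10 },
	{ 1100,    7, "FFA_MEM_SHARE",        0x10 },
	{ 2000,    7, "FFA_MEM_SHARE",        0x20 },
	{ 2100,    7, "FFA_MEM_RETRIEVE_REQ", 0x20 },
	{ 2200,    7, "FFA_MEM_RECLAIM",      0x20 },
	{ 3000,    7, "FFA_MEM_SHARE",        0x30 },
	{ 9000000, 9, "FFA_MEM_RECLAIM",      0x30 },
};
#define SAMPLE_LEN (sizeof(sample_trace) / sizeof(sample_trace[0]))

/* First flagged handle in the sample, or 0 if none. */
static uint64_t sample_first_flagged(void)
{
	uint64_t out[1] = { 0 };
	detect_cross_thread_churn(sample_trace, SAMPLE_LEN, out, 1);
	return out[0];
}
```

Tune WINDOW_US to the platform's SMC round-trip time; a window much longer than one share/reclaim round trip will flag legitimate multi-threaded clients. Correlating a flagged handle with the timestamp of a secure-world panic on the console log is the next step and is left to the caller.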
How to Mitigate CVE-2026-40290
Immediate Actions Required
- Upgrade OP-TEE OS to version 4.11.0 or later, which serializes sp_mem_remove() under sp_mem_lock
- Rebuild and redeploy firmware images for all Arm TrustZone devices using CFG_SECURE_PARTITION=y
- Restrict which normal-world clients and Secure Partitions can issue FF-A memory management calls
Patch Information
The OP-TEE project fixed the vulnerability in version 4.11.0 by acquiring the global sp_mem_lock before freeing entries in smem->receivers and smem->regions. Build images from the patched release and validate the change against the OP-TEE Security Advisory GHSA-332c-xr93-849m.
Workarounds
- If patching is not immediately feasible, disable CFG_SECURE_PARTITION in the OP-TEE build configuration where S-EL0 SPs are not required
- Limit FF-A endpoints to trusted Secure Partitions and reduce concurrency of memory share and reclaim operations
- Apply defense-in-depth by restricting normal-world access to the TEE driver to privileged services only
# Check the version a device actually runs: OP-TEE prints
# "I/TC: OP-TEE version: <version>" on the secure console at boot. Then
# rebuild from the patched tag, confirming the checkout before building.
git clone https://github.com/OP-TEE/optee_os.git
cd optee_os
git checkout 4.11.0
git describe --tags --exact-match   # prints 4.11.0 if HEAD is the release tag
make CFG_SECURE_PARTITION=y PLATFORM=<your_platform> CROSS_COMPILE64=<aarch64-toolchain-prefix>
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.