CVE-2026-40290 | OP-TEE optee_os up to 4.10.x sp_mem_remove receivers use after free (GHSA-332c-xr93-849m)

A vulnerability, which was classified as critical, was found in OP-TEE optee_os up to 4.10.x. Affected by this issue is the function sp_mem_remove. The manipulation of the argument receivers results in use after free.

This vulnerability is known as CVE-2026-40290. Attacking locally is a requirement. No exploit is available.

You should upgrade the affected component.VulDB Recent EntriesRead More