*Dear TrustedFirmware Security Team, *

*We have discovered 4 critical vulnerabilities in OP-TEE and libfdt:* 1. Integer Underflow in PKCS#11 RSA-AES Key Unwrap (High) 2. Integer Underflow → Stack Buffer Overflow (High) 3. Heap Underflow in overlay_symbol_update() (High) 4. Heap Buffer Overflow in fdt_next_tag() (High)

*All vulnerabilities have been: * ✓ Responsibly disclosed via GitHub Security Advisory (embargoed) ✓ Documented with PoC and technical analysis ✓ Reported to Intigriti

GitHub Advisory (embargoed until Sept 24, 2026): [ GitHub link https://github.com/OP-TEE/optee_os/security/advisories/GHSA-w85w-hp72-j33g ] *We are requesting: * *1. Formal CVE assignment * * 2. Timeline for patch release * * 3. Acknowledgment in security advisory* PoC inputs and detailed technical documentation available. Contact: mehedi100 (mehedi100@... if you need direct contact) Regards, Mehedi Hasan