First published: Mon Dec 19 2022(Updated: )
An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linaro OP-TEE | <3.20 | |
<3.20 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2022-47549.
The severity of CVE-2022-47549 is medium with a CVSS score of 6.4.
CVE-2022-47549 is an unprotected memory-access operation in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 that allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections.
Linaro OP-TEE versions up to 3.20 are affected by CVE-2022-47549.
To mitigate CVE-2022-47549, it is recommended to update to TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) version 3.20 or higher.