CVE-2022-47549
First published: Mon Dec 19 2022(Updated: )
An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linaro OP-TEE | <3.20 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-47549.
What is the severity of CVE-2022-47549?
The severity of CVE-2022-47549 is medium with a CVSS score of 6.4.
What is the description of CVE-2022-47549?
CVE-2022-47549 is an unprotected memory-access operation in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 that allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections.
What software is affected by CVE-2022-47549?
Linaro OP-TEE versions up to 3.20 are affected by CVE-2022-47549.
How can the vulnerability CVE-2022-47549 be mitigated?
To mitigate CVE-2022-47549, it is recommended to update to TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) version 3.20 or higher.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/linaro
- canonical/linaro op-tee