Lucene search

MitreCVE-2022-47549

HistoryDec 19, 2022 - 9:15 a.m.

CVE-2022-47549

2022-12-1909:15:09

CWE-347

mitre

web.nvd.nist.gov

cve-2022-47549

optee_os

trustedfirmware

open portable trusted execution environment

op-tee

memory access

signature verification

fault injections

nvd

CVSS3

6.4

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

33.7%

JSON

An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections.

Affected configurations

Nvd

Node

linaroop-teeRange<3.20

VendorProductVersionCPE
linaroop-tee*cpe:2.3:o:linaro:op-tee:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linaro	op-tee	*	cpe:2.3:o:linaro:op-tee::::::::

References

github.com/OP-TEE/optee_os/security/advisories/GHSA-r64m-h886-hw6g

people.linaro.org/~joakim.bech/reports/Breaking_cross-world_isolation_on_ARM_TrustZone_through_EM_faults_coredumps_and_UUID_confusion.pdf

CVSS3

6.4

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

33.7%

JSON

Related for CVE-2022-47549