Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2022-47549

HistoryDec 19, 2022 - 9:15 a.m.

CVE-2022-47549

2022-12-1909:15:09

Debian Security Bug Tracker

security-tracker.debian.org

op-tee

memory-access

signature

verification

bypass

injection

fault

CVSS3

6.4

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

Low

EPSS

0.001

Percentile

33.7%

JSON

An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections.

OSVersionArchitecturePackageVersionFilename
Debian999alloptee-os< 4.3.0-1optee-os_4.3.0-1_all.deb
Debian13alloptee-os< 4.3.0-1optee-os_4.3.0-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	999	all	optee-os	< 4.3.0-1	optee-os_4.3.0-1_all.deb
Debian	13	all	optee-os	< 4.3.0-1	optee-os_4.3.0-1_all.deb

CVSS3

6.4

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

Low

EPSS

0.001

Percentile

33.7%

JSON

Related for DEBIANCVE:CVE-2022-47549