CVE-2022-47549

CVSS V2 None CVSS V3 None

Description

An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections.

Overview

CVE ID
CVE-2022-47549

Assigner
cve@mitre.org

Vulnerability Status
Analyzed

Published Version
2022-12-19T09:15:09

Last Modified Date
2022-12-28T19:28:41

Weakness Enumerations

CWE	URL
CWE-347	http://cwe.mitre.org/data/definitions/347.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:o:linaro:op-tee::::::::	1	OR		3.20

References

Reference URL	Reference Tags
https://github.com/OP-TEE/optee_os/security/advisories/GHSA-r64m-h886-hw6g
https://people.linaro.org/~joakim.bech/reports/Breaking_cross-world_isolation_on_ARM_TrustZone_through_EM_faults_coredumps_and_UUID_confusion.pdf

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-47549
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47549

History

Created	Old Value	New Value	Data Type	Notes
2022-12-19 16:16:22				Added to TrackCVE
2022-12-21 14:15:16	2022-12-19T09:15:09.637	2022-12-19T09:15:09	CVE Published Date	updated
2022-12-21 14:15:16		2022-12-19T13:12:34	CVE Modified Date	updated
2022-12-21 14:15:16	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2022-12-28 20:14:43		2022-12-28T19:28:41	CVE Modified Date	updated
2022-12-28 20:14:43	Undergoing Analysis	Analyzed	Vulnerability Status	updated
2022-12-28 20:14:44			Weakness Enumeration	new
2022-12-28 20:14:44			CPE Information	updated