Zurück zur CVE-Übersicht
CVE-2022-47549
MEDIUM(6.4)CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Risk Signal Score16/100 — NIEDRIG
- CVSS 6.4 — Mittel
EPSS-Score
0%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
6.4
Technische Schwere
Beschreibung
An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections.
Referenzen
- https://github.com/OP-TEE/optee_os/security/advisories/GHSA-r64m-h886-hw6g
- https://people.linaro.org/~joakim.bech/reports/Breaking_cross-world_isolation_on...
- https://github.com/OP-TEE/optee_os/security/advisories/GHSA-r64m-h886-hw6g
- https://people.linaro.org/~joakim.bech/reports/Breaking_cross-world_isolation_on...