CVE Vulnerabilities

CVE-2022-47549

Improper Verification of Cryptographic Signature

Published: Dec 19, 2022 | Modified: Dec 28, 2022
CVSS 3.x
6.4
MEDIUM
Source:
NVD
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections.

Weakness

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Affected Software

Name Vendor Start Version End Version
Op-tee Linaro * 3.20 (excluding)

References