An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections.
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Op-tee | Linaro | * | 3.20 (excluding) |