{"id":"CVE-2022-47549","details":"An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections.","aliases":["GHSA-r64m-h886-hw6g"],"modified":"2026-07-08T06:03:24.762960710Z","published":"2022-12-19T00:00:00Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/47xxx/CVE-2022-47549.json","cna_assigner":"mitre"},"references":[{"type":"WEB","url":"https://people.linaro.org/~joakim.bech/reports/Breaking_cross-world_isolation_on_ARM_TrustZone_through_EM_faults_coredumps_and_UUID_confusion.pdf"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/47xxx/CVE-2022-47549.json"},{"type":"ADVISORY","url":"https://github.com/OP-TEE/optee_os/security/advisories/GHSA-r64m-h886-hw6g"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47549"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/op-tee/optee_os","events":[{"introduced":"0"},{"fixed":"8e74d47616a20eaa23ca692f4bbbf917a236ed94"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"3.20"}],"source":"DESCRIPTION"}}],"versions":["3.20.0-rc1","3.19.0","3.19.0-rc1","3.18.0","3.18.0-rc1","3.17.0","3.17.0-rc1","3.16.0","3.15.0","3.15.0-rc1","3.14.0","3.14.0-rc1","3.13.0","3.13.0-rc1","3.12.0","3.12.0-rc1","3.11.0","3.11.0-rc1","3.10.0","3.10.0-rc1","3.9.0","3.9.0-rc1","3.8.0","3.8.0-rc1","3.7.0","3.7.0-rc1","3.6.0","3.6.0-rc1","3.5.0","3.5.0-rc1","3.4.0","3.4.0-rc1","3.3.0","3.3.0-rc2","3.2.0","3.2.0-rc1","3.1.0","3.1.0-rc1","3.0.0","3.0.0-rc2","3.0.0-rc1","2.6.0","2.6.0-rc1","2.5.0","2.5.0-rc2","2.5.0-rc1","2.4.0","2.3.0","2.2.0","20160825-for-lmg","2.1.0","2.0.0","1.1.0","1.0.1","1.0.0","1.0.0-rc2","1.0.0-rc1","0.3.0","0.2.0","0.1.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-47549.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}