PT-2022-28073 · Trustedfirmware · Op-Tee
Anirban Chakraborty +2 · Published 2022-12-19 · Updated 2022-12-28 · CVE-2022-47549
CVSS v3.1: 6.4 (Medium)
Vector: AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) versions prior to 3.20
Description
The issue is an unprotected memory-access operation in optee_os that allows a physically proximate adversary to bypass signature verification by means of electromagnetic fault injection. This can lead to the installation of malicious trusted applications.
Recommendations
For versions prior to 3.20, update to version 3.20 or later to resolve the issue. As a temporary workaround, consider implementing additional security measures to prevent electromagnetic fault injections, such as using a Faraday cage or other shielding methods to protect the device. Restrict physical access to the device to minimize the risk of exploitation.
Improper Verification of Cryptographic Signature
Weakness Enumeration
Related Identifiers
Affected Products
Op-Tee