Medium severity6.4NVD Advisory· Published Dec 19, 2022· Updated Jun 5, 2026

CVE-2022-47549

Description

An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Arm/Op Tee
cpe:2.3:o:trustedfirmware:op-tee:*:*:*:*:*:*:*:*
Range: <3.20
TrustedFirmware/Open Portable Trusted Execution Environment (OP-TEE)description
Op Tee/Optee OSllm-fuzzy
Range: <3.20

Patches

Vulnerability mechanics

References

people.linaro.org/~joakim.bech/reports/Breaking_cross-world_isolation_on_ARM_TrustZone_through_EM_faults_coredumps_and_UUID_confusion.pdfnvdExploitTechnical DescriptionVendor Advisory
github.com/OP-TEE/optee_os/security/advisories/GHSA-r64m-h886-hw6gnvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.416
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000