Vulnerability Lookup

🛡️ CVE-2022-46152

🟠 CVSS 8.2 — High ⚠️ Exploit Public CWE-129 NVD

8.2

CVSS Score

0 Low4 Medium7 High9 Critical10

Description

OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0, contain an Improper Validation of Array Index vulnerability. The function `cleanup_shm_refs()` is called by both `entry_invoke_command()` and `entry_open_session()`. The commands `OPTEE_MSG_CMD_OPEN_SESSION` and `OPTEE_MSG_CMD_INVOKE_COMMAND` can be executed from the normal world via an OP-TEE SMC. This function is not validating the `num_params` argument, which is only limited to `OPTEE_MSG_MAX_NUM_PARAMS` (127) in the function `get_cmd_buffer()`. Therefore, an attacker in the normal world can craft an SMC call that will cause out-of-bounds reading in `cleanup_shm_refs` and potentially freeing of fake-objects in the function `mobj_put()`. A normal-world attacker with permission to execute SMC instructions may exploit this flaw. Maintainers believe this problem permits local privilege escalation from the normal world to the secure world. Version 3.19.0 contains a fix for this issue. There are no known workarounds.

Details

Severity HIGH

CVSS Score 8.2

CVSS Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE CWE-129

Public Exploit ⚠️ Yes

Source NVD

Published 2022-11-29

Updated 2026-06-08

Modified 2026-06-05

Fix URL https://github.com/OP-TEE/optee_os/commit/728616b28df659cf0bdde6e58a471f6ef25d023c

Affected Packages

Software	From version	Fixed in
op-tee	—	3.19.0

References

Third Party Advisory https://github.com/OP-TEE/optee_os/blob/c2d449482de098f1c894b94f338440e5a327813d/core/tee/entry_std.c#L257

Patch, Third Party Advisory https://github.com/OP-TEE/optee_os/commit/728616b28df659cf0bdde6e58a471f6ef25d023c

Exploit, Third Party Advisory https://github.com/OP-TEE/optee_os/security/advisories/GHSA-65w8-6mrg-52g7

Third Party Advisory, US Government Resource https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:X/RC:X/CR:M/IR:M/AR:M/MAV:L/MAC:L/MPR:H/MUI:N/MS:C/MC:H/MI:H/MA:H&version=3.1

Third Party Advisory https://github.com/OP-TEE/optee_os/blob/c2d449482de098f1c894b94f338440e5a327813d/core/tee/entry_std.c#L257

Patch, Third Party Advisory https://github.com/OP-TEE/optee_os/commit/728616b28df659cf0bdde6e58a471f6ef25d023c

Exploit, Third Party Advisory https://github.com/OP-TEE/optee_os/security/advisories/GHSA-65w8-6mrg-52g7

🔗 NVD 🔗 Mitre ✅ Fix / Advisory

Similar Threats

Site Security Check

Concerned your site may already be targeted?

BotEraser analyzes incoming traffic patterns and helps identify bot behavior consistent with known exploit attempts.

Check My Site Free →

No credit card required · Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.

Concerned your site may already be targeted?

Company

Resources

Services

Trusted

Subscribe