Local Escalation of Privilege in UNISOC BootROM Products
CVE-2022-38691
7.8 HIGH
Key Information:
- Status
- Vendor
- CVE Published: 1 September 2025
What is CVE-2022-38691?
A vulnerability exists in UNISOC BootROM where missing validation for Certificate Type 0 could allow an attacker to escalate privileges locally. This weakness requires no additional execution privileges, potentially giving malicious actors unauthorized access to system resources. It highlights the necessity for robust security measures and validation processes in firmware design.
Affected Version(s)
SC9863A / T310 / T610 / T618