Memory Buffer Overflow in UNISOC BootROM Affects RSA Key Validation
CVE-2022-38692

9.8CRITICAL

Key Information:

Vendor: Unisoc (shanghai) Technologies Co., Ltd.
Status: Sc9863a/t310/t610/t618/t606/t612/t616/t760/t770/t820/s8000/
Vendor: CVE Published:; 1 September 2025

🔔 Create Unisoc (shanghai) Technologies Co., Ltd. Vulnerability Alert

What is CVE-2022-38692?

The BootROM from UNISOC contains a flaw in the validation of Certificate Type 0, where a missing size check for RSA keys can lead to a memory buffer overflow. This vulnerability can be exploited without requiring additional execution privileges, posing a potential risk to the integrity of systems using this BootROM.

Affected Version(s)

SC9863A/T310/T610/T618/T606/T612/T616/T760/T770/T820/S8000/ /

References

https://www.nccgroup.com/research-blog/there-s-another-ho...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 1, 2025
Vulnerability Reserved
Aug 22, 2022