CVE-2022-38692

Summary

In BootROM, there is a missing size check for RSA keys in Certificate Type 0 validation. This could lead to memory buffer overflow without requiring additional execution privileges.

Affected Software

VendorProductVersion RangeStatus
Unisoc (Shanghai) Technologies Co., Ltd.SC9863A/T310/T610/T618/T606/T612/T616/T760/T770/T820/S8000//affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References