CVE-2022-38691
Awaiting Analysis
Awaiting Analysis - Queue
BaseFortify
Publication date: 2025-09-01
Last updated on: 2025-09-02
Assigner: Unisoc
Description
Description
In BootROM, there is a possible missing validation for Certificate Type 0. This could lead to local escalation of privilege with no additional execution privileges needed.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-250 | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a possible missing validation for Certificate Type 0 in the BootROM. This flaw could allow a local user to escalate their privileges without needing any additional execution privileges.
How can this vulnerability impact me? :
The vulnerability could allow an attacker with local access to escalate their privileges on the affected system, potentially gaining higher-level access than intended, which could lead to unauthorized actions or control.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70