CVE-2022-38692
BaseFortify
Publication date: 2025-09-01
Last updated on: 2025-09-02
Assigner: Unisoc
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| unisoc | bootrom | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2022-38692 is a vulnerability in the BootROM of UNISOC system-on-chip processors where there is a missing size check for RSA keys during Certificate Type 0 validation. This flaw can lead to a memory buffer overflow without needing any additional execution privileges, potentially allowing an attacker to corrupt memory or execute arbitrary code in the BootROM context. [1]
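The following is an added illustration of the missing check described above; it is not code from this page, from BaseFortify or from UNISOC. It parses a constructed, hypothetical "type 0" key blob (a 4-byte little-endian length field followed by the key bytes) and validates the attacker-controlled length against the destination buffer before copying. The blob layout, buffer sizes, error codes and function names are all assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed, hypothetical blob layout for illustration only (not UNISOC's real
 * certificate format): [4-byte little-endian key length][key bytes ...]. */
#define RSA_KEY_MAX_BYTES 512   /* largest modulus the parser is built to hold (RSA-4096) */
#define RSA_KEY_MIN_BYTES 256   /* refuse keys weaker than RSA-2048 */

enum { PARSE_OK = 0, ERR_SHORT_HEADER = -1, ERR_KEY_TOO_LARGE = -2,
       ERR_KEY_TOO_SMALL = -3, ERR_TRUNCATED = -4 };

typedef struct {
    uint8_t key[RSA_KEY_MAX_BYTES];
    size_t  key_len;
} rsa_key_t;

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hardened parser: the length field is untrusted input, so it is validated
 * against both the destination buffer and the bytes actually present before
 * anything is copied. Omitting the RSA_KEY_MAX_BYTES test is the CWE-119
 * pattern the advisory describes. */
int parse_rsa_key(const uint8_t *blob, size_t blob_len, rsa_key_t *out) {
    if (blob_len < 4)                 return ERR_SHORT_HEADER;
    uint32_t key_len = read_le32(blob);
    if (key_len > RSA_KEY_MAX_BYTES)  return ERR_KEY_TOO_LARGE;  /* the missing size check */
    if (key_len < RSA_KEY_MIN_BYTES)  return ERR_KEY_TOO_SMALL;
    if (key_len > blob_len - 4)       return ERR_TRUNCATED;      /* blob_len >= 4 here, no underflow */
    memcpy(out->key, blob + 4, key_len);
    out->key_len = key_len;
    return PARSE_OK;
}

/* Builds a constructed blob that claims `claimed_len` key bytes but carries
 * only `present` bytes, parses it, and returns the parser's verdict. */
int check_case(uint32_t claimed_len, size_t present) {
    static uint8_t blob[4 + 8192];
    if (present > sizeof blob - 4) present = sizeof blob - 4;
    blob[0] = (uint8_t)claimed_len;         blob[1] = (uint8_t)(claimed_len >> 8);
    blob[2] = (uint8_t)(claimed_len >> 16); blob[3] = (uint8_t)(claimed_len >> 24);
    memset(blob + 4, 0xA5, present);        /* constructed key bytes */
    rsa_key_t k;
    return parse_rsa_key(blob, 4 + present, &k);
}
```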
How can this vulnerability impact me?
This vulnerability can undermine the secure boot process of devices using affected UNISOC SoCs, allowing attackers to exploit buffer overflows to execute arbitrary code in the BootROM. This can lead to persistent, undetectable backdoors, memory corruption, and compromise of device security and user privacy, especially if an attacker has brief physical access or prior privilege escalation. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of CVE-2022-38692 involves analyzing the BootROM and recovery mode behavior on affected UNISOC SoCs. Since the vulnerability is a missing size check for RSA keys in Certificate Type 0 validation leading to buffer overflow, direct network detection is not straightforward. However, detection can involve attempting to dump or interact with the BootROM via recovery mode USB or UART interfaces using custom tools that send oversized or malformed payloads to trigger the vulnerability or observe abnormal behavior. Specific commands are not provided, but techniques include sending oversized USB packets or malformed recovery commands to test for buffer overflow conditions as described in the NCC Group research. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting physical access to recovery mode interfaces (USB and UART) on affected devices to prevent exploitation via recovery mode commands. Ensuring that devices have secure boot enabled with custom keys and that default UNISOC private keys are not reused can help prevent BootROM dumping. Vendors should apply firmware updates that include proper size checks and input validation in BootROM and recovery mode handlers once available. Until patches are released, limiting physical access and avoiding use of recovery mode unless necessary are recommended. [1]