CVE-2022-38694
CVE-2022-38694
In short
A flaw in BootRom allows writing to memory addresses without proper validation, enabling local attackers to escalate their privileges without needing special permissions.
Technical detail
CWE-250 (Execution with Unnecessary Privileges) vulnerability in BootRom permits unchecked writes to arbitrary memory addresses during boot. This allows a local attacker to modify privileged code or data structures, achieving privilege escalation without requiring elevated execution context. The impact is high severity as it compromises system integrity at the firmware level.
Summary generated and translated by AI from the official description.
In BootRom, there is a possible unchecked write address. This could lead to local escalation of privilege with no additional execution privileges needed.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Unisoc (Shanghai) Technologies Co., Ltd. · SC9863A//T310/T610/T618/Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →