CVE-2022-38696
Published: 01 September 2025
Summary
CVE-2022-38696 is a critical-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability. The vendor field of this record, inferred from references, lists Nccgroup; the affected component itself is the Unisoc SoC BootROM (see Deeper analysis). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique System Firmware (T1542.001); ranked at the 43.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2022-38696 is a vulnerability in BootRom stemming from a missing payload size check, which could lead to a memory buffer overflow without requiring additional execution privileges. The affected component is Unisoc SoC ROM. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer).
The vulnerability can be exploited by remote attackers requiring no privileges, low complexity, no user interaction, and network access. Successful exploitation enables a memory buffer overflow, resulting in high impacts to confidentiality, integrity, and availability.
Mitigation details are provided in the NCC Group research blog at https://www.nccgroup.com/research-blog/there-s-another-hole-in-your-soc-unisoc-rom-vulnerabilities/.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-41265
Vulnerability details
In BootRom, there's a possible missing payload size check. This could lead to memory buffer overflow without requiring additional execution privileges.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow in BootRom (system firmware) directly enables pre-OS boot compromise and exploitation for privilege escalation.
Mitigating Controls (NIST 800-53 r5)
- Directly requires validation of payload sizes and other inputs to prevent buffer overflows from missing size checks in BootROM.
- Implements memory safeguards like address space randomization and execution prevention to block exploitation of the buffer overflow vulnerability.
- Mandates timely remediation of identified flaws such as the missing payload size check in Unisoc SoC ROM code.
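As an added illustration of the input-validation control described above and of the missing payload size check named in the vulnerability details, the C below shows a boot-time loader that checks a packet's declared payload length against both the fixed staging buffer and the number of bytes actually received before copying. This is example code written for this page, not code from the CVE record, NCC Group, or Unisoc; the packet layout, magic bytes, buffer capacity and function names are constructed assumptions and do not describe the Unisoc ROM protocol.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed download-packet layout (an assumption for this example):
 *   bytes 0..1 : magic 0xAA 0x55
 *   bytes 2..3 : big-endian declared payload length
 *   bytes 4..  : payload
 */
#define PKT_HDR_LEN   4
#define STAGE_BUF_CAP 64   /* capacity of the fixed staging buffer (constructed) */

enum load_status { LOAD_OK = 0, LOAD_BAD_HDR, LOAD_TOO_LARGE, LOAD_TRUNCATED };

static uint8_t stage_buf[STAGE_BUF_CAP];

/* Copy a packet's payload into stage_buf only after validating its length.
 * The two length checks are the ones a CWE-119 "missing payload size check"
 * defect leaves out: the declared length must fit the destination buffer,
 * and the packet must actually contain that many bytes. */
enum load_status load_payload(const uint8_t *pkt, size_t pkt_len, size_t *out_len)
{
    if (pkt == NULL || out_len == NULL)            return LOAD_BAD_HDR;
    if (pkt_len < PKT_HDR_LEN)                     return LOAD_BAD_HDR;
    if (pkt[0] != 0xAA || pkt[1] != 0x55)          return LOAD_BAD_HDR;

    size_t declared = ((size_t)pkt[2] << 8) | pkt[3];

    /* Bound the declared length by the destination capacity (no overflow). */
    if (declared > STAGE_BUF_CAP)                  return LOAD_TOO_LARGE;
    /* Bound it by what was really received (no over-read past the packet). */
    if (pkt_len - PKT_HDR_LEN < declared)          return LOAD_TRUNCATED;

    memcpy(stage_buf, pkt + PKT_HDR_LEN, declared);
    *out_len = declared;
    return LOAD_OK;
}

/* Build a constructed test packet: header plus `actual` filler bytes, with the
 * length field set to `declared`, which may deliberately disagree with `actual`.
 * Returns the total packet size, or 0 if it would not fit in `out`. */
size_t build_packet(uint8_t *out, size_t out_cap, uint16_t declared, size_t actual)
{
    if (out_cap < PKT_HDR_LEN + actual) return 0;
    out[0] = 0xAA;
    out[1] = 0x55;
    out[2] = (uint8_t)(declared >> 8);
    out[3] = (uint8_t)(declared & 0xFF);
    for (size_t i = 0; i < actual; i++)
        out[PKT_HDR_LEN + i] = (uint8_t)i;
    return PKT_HDR_LEN + actual;
}

/* Exercise the loader on a well-formed packet and on three malformed ones.
 * Returns the number of cases that did not produce the expected status. */
int self_check(void)
{
    uint8_t pkt[256];
    size_t n, got = 0;
    int failures = 0;

    n = build_packet(pkt, sizeof pkt, 16, 16);                 /* consistent */
    if (load_payload(pkt, n, &got) != LOAD_OK || got != 16) failures++;

    n = build_packet(pkt, sizeof pkt, 0x1000, 16);             /* claims 4096 */
    if (load_payload(pkt, n, &got) != LOAD_TOO_LARGE) failures++;

    n = build_packet(pkt, sizeof pkt, 32, 16);                 /* short packet */
    if (load_payload(pkt, n, &got) != LOAD_TRUNCATED) failures++;

    if (load_payload(pkt, 3, &got) != LOAD_BAD_HDR) failures++; /* no header */

    return failures;
}

int main(void)
{
    int failures = self_check();
    printf("%s (%d failing case%s)\n", failures == 0 ? "all checks passed" : "FAILED",
           failures, failures == 1 ? "" : "s");
    return failures == 0 ? 0 : 1;
}
```

The order of the checks matters: header validity first, then the capacity bound, then the received-length bound, so that no arithmetic on the length field happens before it is known to be sane. The `pkt_len - PKT_HDR_LEN` subtraction is safe only because the earlier `pkt_len < PKT_HDR_LEN` test has already rejected short packets.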