CVE-2022-38691
HIGH
Unisoc SC9863A/T310/T610/T618 - Local Privilege Escalation via BootROM Certificate Type Validation Bypass
Exploitation Summary
EIP tracks 1 public exploit for CVE-2022-38691. PoCs published by TomKing062.
AI-analyzed exploit summary: This repository contains a functional exploit PoC for CVE-2022-38691, which involves manipulating firmware image headers and certificates to bypass security checks in Spreadtrum (Unisoc) trusted firmware. The code modifies the firmware structure to exploit vulnerabilities in the signature verification process.
Description
In BootROM, there is a possible missing validation for Certificate Type 0. This could lead to local escalation of privilege with no additional execution privileges needed.
Exploits (1)
References (1)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H