UNISOC BootROM RSA Key Validation Vulnerability Leading to Memory Corruption

Vulnerability

A vulnerability exists in the UNISOC BootROM in the validation of RSA keys carried in a Certificate Type 0. The BootROM fails to properly validate the public RSA key hash, so an attacker can introduce a crafted key, which can be exploited to cause a memory buffer overflow. The vulnerability does not require additional execution privileges and could lead to arbitrary code execution within the BootROM context.

Impact

Exploitation of this vulnerability allows for memory corruption within the BootROM, with the potential for arbitrary code execution in the context of the BootROM.

Reproduction

The vulnerability can be reproduced by supplying a public RSA key through a Certificate Type 0 that is not properly validated. This is done by manipulating the certificate embedded in the second-stage bootloader image, taking advantage of the BootROM's lack of size checks for RSA keys.
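The two checks the advisory describes as missing, a size check on the key before it is copied into a fixed ROM-side buffer and a hash check binding the key to a trusted root, are shown below in a constructed key loader. This is an added example, not UNISOC code and not the actual BootROM certificate format: the record layout (little-endian length, exponent, modulus), the 256 to 512 byte size bounds, and the FNV-1a stand-in digest are assumptions made so the example runs without a crypto library; a real ROM would use SHA-256 against a digest provisioned in eFuse/OTP.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed example of a bounds- and hash-checked RSA public key loader.
 * The record layout and limits are assumptions for illustration only. */
#define MAX_MODULUS_BYTES 512   /* assumed largest supported key (4096-bit) */
#define MIN_MODULUS_BYTES 256   /* assumed smallest accepted key (2048-bit) */
#define DIGEST_BYTES 8          /* placeholder digest width; real code: SHA-256 */

/* Assumed record layout: [u32 modulus_len][u32 exponent][modulus bytes] */
typedef struct {
    uint32_t modulus_len;
    uint32_t exponent;
    uint8_t  modulus[MAX_MODULUS_BYTES]; /* fixed-size ROM-side buffer */
} rsa_pubkey_t;

enum { KEY_OK = 0, KEY_ERR_SHORT = -1, KEY_ERR_BAD_LEN = -2,
       KEY_ERR_TRUNC = -3, KEY_ERR_HASH = -4 };

/* Stand-in digest (64-bit FNV-1a). Used only so the example runs offline;
 * it is not a substitute for a cryptographic hash. */
static uint64_t placeholder_digest(const uint8_t *data, size_t len) {
    uint64_t h = 14695981039346656037ULL;
    for (size_t i = 0; i < len; i++) { h ^= data[i]; h *= 1099511628211ULL; }
    return h;
}

/* Expose the digest in byte form so a trusted value can be provisioned. */
void digest_of_record(const uint8_t *rec, size_t len, uint8_t out[DIGEST_BYTES]) {
    uint64_t d = placeholder_digest(rec, len);
    for (int i = 0; i < DIGEST_BYTES; i++) out[i] = (uint8_t)(d >> (8 * i));
}

/* Constant-time compare: a mismatch should not leak which byte differed. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= a[i] ^ b[i];
    return diff == 0;
}

static uint32_t read_u32_le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse and validate a key record. Order matters: the declared length is
 * gated against the fixed buffer BEFORE any copy, and the key digest is
 * checked against the trusted digest BEFORE the key is used. */
int load_rsa_pubkey(const uint8_t *rec, size_t rec_len,
                    const uint8_t trusted_digest[DIGEST_BYTES], rsa_pubkey_t *out)
{
    if (rec_len < 8) return KEY_ERR_SHORT;
    uint32_t mlen = read_u32_le(rec);
    uint32_t exp  = read_u32_le(rec + 4);

    /* Check 1: declared size must fit the destination buffer and the input. */
    if (mlen < MIN_MODULUS_BYTES || mlen > MAX_MODULUS_BYTES) return KEY_ERR_BAD_LEN;
    if (rec_len - 8 < mlen) return KEY_ERR_TRUNC;   /* rec_len >= 8 here */

    /* Check 2: the whole record (length, exponent, modulus) must hash to the
     * value held in trusted storage; otherwise the key is rejected unused. */
    uint8_t d[DIGEST_BYTES];
    digest_of_record(rec, 8 + (size_t)mlen, d);
    if (!ct_equal(d, trusted_digest, DIGEST_BYTES)) return KEY_ERR_HASH;

    /* Only now copy into the ROM-side structure. */
    out->modulus_len = mlen;
    out->exponent = exp;
    memcpy(out->modulus, rec + 8, mlen);
    return KEY_OK;
}

/* Build a constructed record whose declared length may differ from the
 * bytes actually present, to exercise the checks above. */
size_t build_record(uint8_t *buf, size_t buf_len, uint32_t declared_len, size_t payload_len) {
    if (buf_len < 8 + payload_len) return 0;
    buf[0] = (uint8_t)declared_len;         buf[1] = (uint8_t)(declared_len >> 8);
    buf[2] = (uint8_t)(declared_len >> 16); buf[3] = (uint8_t)(declared_len >> 24);
    buf[4] = 0x01; buf[5] = 0x00; buf[6] = 0x01; buf[7] = 0x00;  /* e = 65537 */
    for (size_t i = 0; i < payload_len; i++) buf[8 + i] = (uint8_t)(0xA5 ^ i);
    return 8 + payload_len;
}

int main(void) {
    static uint8_t rec[8 + 4096];
    uint8_t td[DIGEST_BYTES];
    rsa_pubkey_t key;
    size_t n = build_record(rec, sizeof rec, 256, 256);
    digest_of_record(rec, n, td);                 /* provision trusted digest */
    printf("valid key: %d\n", load_rsa_pubkey(rec, n, td, &key));
    n = build_record(rec, sizeof rec, 4096, 4096);
    printf("oversized key: %d\n", load_rsa_pubkey(rec, n, td, &key));
    return 0;
}
```

The oversized record is refused by the length gate before a single byte reaches `modulus`, which is the check whose absence the advisory describes; the digest comparison then ensures that even a correctly sized key is unusable unless it matches the provisioned root.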

Remediation

Users are advised to avoid leaving their devices unattended and to install the latest software updates to reduce the risk of exploitation.

Added: Sep 1, 2025, 8:26 AM
Updated: Sep 1, 2025, 8:26 AM

Vulnerability Rating

Custom Algorithm
spread         0.0
impact         7.5
exploitability 4.3
remediation    0.0
relevance      0.4
threat         4.8
urgency        2.9
incentive      0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.