CVE-2022-38694

Name of the Vulnerable Software and Affected Versions ZTE versions (affected versions not specified) Vivo versions (affected versions not specified)

Description The issue concerns the locking of bootloaders by certain brands, with ZTE and Vivo being examples. ZTE has started blocking the vulnerability by removing the unlock message on splloader. Vivo blocks root at the kernel level. There is an effort to investigate the firmware, and a backup has been made using spd dump. The goal is to utilize the issue to unlock the bootloader and make Unisoc download mode easily accessible.

Recommendations For ZTE versions, consider disabling the splloader until a patch is available. For Vivo versions, restrict access to the kernel level to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.