CVE-2025-31716
Description
In bootloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A missing bounds check in the bootloader on several Unisoc chipsets allows a local out-of-bounds write leading to denial of service.
Root Cause
CVE-2025-31716 is a stack-based buffer overflow vulnerability in the bootloader of multiple Unisoc chipsets. The issue is caused by a missing bounds check, which permits an out-of-bounds write when processing input [1].
Exploitation
The vulnerability can be triggered locally without requiring any additional execution privileges — the attacker only needs control over the bootloader's input. The attack vector is local, with low attack complexity and no user interaction needed [1].
Impact
Exploiting this bug leads to a denial of service (DoS) condition, as the out-of-bounds write can corrupt memory or crash the boot process. The CVSS v3.1 score is 5.1 (Medium) with partial impacts to integrity and availability, but no impact on confidentiality [1].
Mitigation
The vulnerability affects devices running Android 13, 14, or 15 that use any of the listed Unisoc chipsets (SC7731E, SC9832E, SC9863A, T310, T606, T612, T616, T610, T618, T750, T765, T760, T770, T820, S8000). Unisoc has published an advisory recommending that device OEMs contact them for patch details [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 1
News mentions: 0
No linked articles in our index yet.