Report Vulnerability

Unisoc takes the security very seriously and strives to address any security-related issues quickly and appropriately. If you have found a potential security issue in any Unisoc product, please get in touch with us via email: security@unisoc.com. For encrypted communication, you may use our public key.

Information Required:

The following information will help us to evaluate your submission as quickly as possible. If available, please include it in your report:

The issue summary and impact.

Device(s), Product(s), and Software Version(s) (if Android, the Android version, and security patch level) are affected.

Vulnerability overview (e.g. buffer overflow, Out-of-bounds Read, etc.).

Issue description and impact (e.g. information disclosure, bypass the verification, etc.).

Instructions or Steps to Reproduce.

Supported Materials/References.

A proof-of-concept (POC) (including video, image, APK, sample code, etc.).

Expected correct behavior or workaround.

Disclosure plans, if any.

Information You May Care About

We try to address security issues and communicate to our customers within 90 days (e.g. through security bulletins). But there may be unforeseen problems that prevent us from doing so. We will keep you updated throughout the process at the right time.

Rate vulnerabilities based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1). We reserve the right to deviate from the guidelines if some specific cases are not described in the CVSS score.

Public Key

Please refer to the below information for encrypted communication to security@unisoc.com .
Key Detials:

    key fingerprint: 73E6 3477 10E3 8A01 AFB0 D5E6 0257 3EF5 62C9 C57D <PGP Public Key>.

    2024/02/29 [expires:2026/05/31]