BI.ZONE uncovers Rockchip processor vulnerability

The flaw (BDU:2026‑03417) has been assigned a CVSS 3.1 score of 7.5 and may allow unauthorized access to user data
April 22, 2026

The BI.ZONE ESSA research laboratory has identified the BDU:2026‑03417 vulnerability in the Rockchip RK3588 processor. This component is widely used in robotics, industrial POS systems, set‑top boxes, AI computing platforms, and other solutions that require substantial processing resources.

Exploitation of BDU:2026‑03417 allows threat actors to bypass Secure Boot, extract firmware encryption keys, and access code running on a device as well as other stored user data.

The vulnerability received a CVSS 3.1 score of 7.5. The vendor was notified of the issue in accordance with the responsible vulnerability disclosure policy.

The flaw stems from the SoC’s exposure to fault injection attacks. This type of hardware compromise briefly disrupts the internal logic states of an integrated circuit, causing a device to behave abnormally.
To mitigate this risk, we recommend restricting physical access to devices that run critical code or store sensitive data.
Yury Kupashev
Product Owner, BI.ZONE ESSA

Fuzhou Rockchip Electronics is a leading fabless integrated circuit (IC) design company founded in 2021. In 2018, it ranked among the top 50 IC manufacturers. The company has collaborated with Google, Microsoft, and Intel, and serves as an OEM component supplier for Asus, HP, Samsung, and Toshiba.

The BI.ZONE ESSA research laboratory provides specialized expertise in practical cybersecurity, focusing on the comprehensive security analysis of embedded systems and their components.