Security vulnerability refers to a defect or weakness in system design, deployment, operation, or management that can be exploited to violate a security policy.
You can report potential vulnerabilities to HiSilicon (Shanghai) PSIRT at firstname.lastname@example.org in an encrypted manner. As vulnerability information is highly sensitive, it is strongly recommended that you use our public PGP key (key ID 0xC270DAEC; PGP fingerprint: 9ACF 23E9 4D14 D084 6530 70D5 C914 E1B2 C270 DAEC) to encrypt reported information. To facilitate vulnerability verification and locating, include at least the following information in the email:
• Organization and contact (where necessary)
• Products/solutions and versions affected
• Description of potential vulnerabilities
• Technical details (such as system configuration, traces, description of exploit, sample packet capture, proof of concept, and steps to reproduce the vulnerability)
• Potential disclosure plan
Note: HiSilicon (Shanghai) does not directly sell chip products to end users but sells chipsets, SDKs, and documents to manufacturers who can add, modify, and delete the code we provide based on their requirements. That means we cannot provide technical support for end users on devices. If you encounter any problems when using any product containing chipsets from HiSilicon (Shanghai), contact manufacturer for direct technical support.
We would like to thank the individuals and teams who report valid vulnerabilities and work with us in responsible disclosure.
For general issues concerning the products and solutions of HiSilicon (Shanghai), contact HiSilicon (Shanghai) Technical Assistance Center (TAC) for technical support. Any security vulnerabilities identified by TAC will be escalated internally to PSIRT for resolution.