Security vulnerability refers to a defect or weakness in system design, deployment, operation, or management that can be exploited to violate a security policy.
You can report potential vulnerabilities to HiSilicon (Shanghai) PSIRT at firstname.lastname@example.org in an encrypted manner. As vulnerability information is highly sensitive, it is strongly recommended that you use our public PGP key (key ID 0x4BCA64E4; PGP fingerprint: 23CD 0BD9 D4B5 C734 ED1E 1257 B037 2728 4BCA 64E4) to encrypt reported information. To facilitate vulnerability verification and locating, include at least the following information in the email:
• Organization and contact (where necessary)
• Products/solutions and versions affected
• Description of potential vulnerabilities
• Technical details (such as system configuration, traces, description of exploit, sample packet capture, proof of concept, and steps to reproduce the vulnerability)
• Potential disclosure plan
Note: HiSilicon (Shanghai) does not directly sell chip products to end users but sells chipsets, SDKs, and documents to manufacturers who can add, modify, and delete the code we provide based on their requirements. That means we cannot provide technical support for end users on devices. If you encounter any problems when using any product containing chipsets from HiSilicon (Shanghai), contact manufacturer for direct technical support.
We would like to thank the individuals and teams who report valid vulnerabilities and work with us in responsible disclosure.
For general issues concerning the products and solutions of HiSilicon (Shanghai), contact HiSilicon (Shanghai) Technical Assistance Center (TAC) for technical support. Any security vulnerabilities identified by TAC will be escalated internally to PSIRT for resolution.