SB2022101270 - Multiple vulnerabilities in Unisoc chipsets
Published: October 12, 2022 Updated: January 9, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 12 secuirty vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20440)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC component. A local application can execute arbitrary code with elevated privileges.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20439)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC component. A local application can execute arbitrary code with elevated privileges.
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20438)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC component. A local application can execute arbitrary code with elevated privileges.
4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20437)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC component. A local application can execute arbitrary code with elevated privileges.
5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20436)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC component. A local application can execute arbitrary code with elevated privileges.
6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20435)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC component. A local application can execute arbitrary code with elevated privileges.
7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20434)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC Telephony component. A local application can execute arbitrary code with elevated privileges.
8) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20433)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC Telephony component. A local application can execute arbitrary code with elevated privileges.
9) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20432)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC Telephony component. A local application can execute arbitrary code with elevated privileges.
10) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20431)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC Telephony component. A local application can execute arbitrary code with elevated privileges.
11) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20430)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC Telephony component. A local application can execute arbitrary code with elevated privileges.
12) Missing Authorization (CVE-ID: CVE-2022-39119)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to aIn network service within the network service in Android. A local privileged application can execute arbitrary code.
Remediation
Install update from vendor's website.