Multiple vulnerabilities in Unisoc chipsets
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 38 |
| CVE-ID | CVE-2022-39080 CVE-2022-39111 CVE-2022-39110 CVE-2022-39109 CVE-2022-39108 CVE-2022-38679 CVE-2022-39107 CVE-2022-39103 CVE-2022-38698 CVE-2022-39113 CVE-2022-38697 CVE-2022-39117 CVE-2022-38687 CVE-2022-38677 CVE-2022-38689 CVE-2022-38688 CVE-2022-38671 CVE-2022-39112 CVE-2022-39114 CVE-2022-38676 CVE-2022-38690 CVE-2022-39105 CVE-2022-2985 CVE-2022-38670 CVE-2022-38669 CVE-2022-2984 CVE-2022-38673 CVE-2022-38672 CVE-2022-39128 CVE-2022-39115 CVE-2022-39127 CVE-2022-39126 CVE-2022-39125 CVE-2022-39124 CVE-2022-39123 CVE-2022-39122 CVE-2022-39121 CVE-2022-39120 |
| CWE-ID | CWE-862 CWE-400 CWE-200 CWE-126 CWE-122 CWE-119 CWE-190 CWE-264 CWE-787 CWE-125 CWE-121 CWE-120 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
SC9863A Mobile applications / Mobile firmware & hardware SC9832E Mobile applications / Mobile firmware & hardware SC7731E Mobile applications / Mobile firmware & hardware T610 Mobile applications / Mobile firmware & hardware T310 Mobile applications / Mobile firmware & hardware T606 Mobile applications / Mobile firmware & hardware T760 Mobile applications / Mobile firmware & hardware T618 Mobile applications / Mobile firmware & hardware T612 Mobile applications / Mobile firmware & hardware T616 Mobile applications / Mobile firmware & hardware T770 Mobile applications / Mobile firmware & hardware T820 Mobile applications / Mobile firmware & hardware S8000 Mobile applications / Mobile firmware & hardware |
| Vendor | UNISOC |
Security Bulletin
This security bulletin contains information about 38 vulnerabilities.
1) Missing Authorization
EUVDB-ID: #VU70863
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39080
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a missing permission check within the messaging service in Android. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Missing Authorization
EUVDB-ID: #VU70856
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39111
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a missing permission check within the Music service in Android. A local application can manipulate or delete data.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Missing Authorization
EUVDB-ID: #VU70857
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39110
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a missing permission check within the Music service in Android. A local application can manipulate or delete data.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Missing Authorization
EUVDB-ID: #VU70858
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39109
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a missing permission check within the Music service in Android. A local application can manipulate or delete data.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Missing Authorization
EUVDB-ID: #VU70859
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39108
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a missing permission check within the Music service in Android. A local application can manipulate or delete data.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Resource exhaustion
EUVDB-ID: #VU70860
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-38679
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing permission check within the music service in Android. A remote attacker can trick the victim to open a specially crafted file and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Missing Authorization
EUVDB-ID: #VU70861
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39107
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a missing permission check within the Soundrecorder service in Android. A local application can manipulate or delete data.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Missing Authorization
EUVDB-ID: #VU70862
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39103
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing permission check within the Gallery service in Android. A remote attacker can trick the victim to open a specially crafted file and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Missing Authorization
EUVDB-ID: #VU70864
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-38698
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a missing permission check within the messaging service in Android. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Missing Authorization
EUVDB-ID: #VU70854
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39113
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a missing permission check within the Music service in Android. A local application can manipulate or delete data.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Missing Authorization
EUVDB-ID: #VU70865
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-38697
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a missing permission check within the messaging service in Android. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Missing Authorization
EUVDB-ID: #VU70866
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39117
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a missing permission check within the messaging service in Android. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Resource exhaustion
EUVDB-ID: #VU70867
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-38687
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing permission check within the messaging service in Android. A remote attacker can trick the victim to open a specially crafted file and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Resource exhaustion
EUVDB-ID: #VU70868
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-38677
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a missing permission check within the cellbroadcastreceiver in Android. A local application can manipulate or delete data.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Information Exposure
EUVDB-ID: #VU70869
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-38689
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a missing permission check within the telephony service in Android. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Information Exposure
EUVDB-ID: #VU70870
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-38688
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a missing permission check within the telephony service in Android. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Buffer over-read
EUVDB-ID: #VU70871
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-38671
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the camera driver in Kernel. A local application can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Missing Authorization
EUVDB-ID: #VU70855
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39112
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a missing permission check within the Music service in Android. A local application can manipulate or delete data.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Missing Authorization
EUVDB-ID: #VU70853
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39114
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a missing permission check within the Music service in Android. A local application can manipulate or delete data.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Heap-based buffer overflow
EUVDB-ID: #VU69060
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-38676
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the gpu driver. A local application can trigger a heap-based buffer overflow and crash the kernel.
Install update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Buffer overflow
EUVDB-ID: #VU69061
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-38690
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the camera driver. A local application can trigger memory corruption and crash the system.
Install update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Integer overflow
EUVDB-ID: #VU69057
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39105
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow within the sensor driver. A local application can trigger memory corruption and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU69054
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2985
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Music service. A local application can escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU69056
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-38670
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the soundrecorder service. A local application can escalate privileges on the system. MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU69055
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-38669
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the soundrecorder service. A local application can escalate privileges on the system. MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Out-of-bounds write
EUVDB-ID: #VU69053
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2984
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the jpg driver. A local application can trigger an out-of-bounds write and crash the kernel.
Install update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Out-of-bounds read
EUVDB-ID: #VU69059
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-38673
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the face detect driver. A local application can trigger an out-of-bounds read and crash the kernel.
Install update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Stack-based buffer overflow
EUVDB-ID: #VU69058
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-38672
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the face detect driver. A local application can trigger a stack-based buffer overflow and crash the kernel.
Install update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Resource exhaustion
EUVDB-ID: #VU70843
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39128
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the sensor driver in Kernel. A local application can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Missing Authorization
EUVDB-ID: #VU70852
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39115
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a missing permission check within the Music service in Android. A local application can manipulate or delete data.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Resource exhaustion
EUVDB-ID: #VU70844
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39127
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the sensor driver in Kernel. A local application can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Resource exhaustion
EUVDB-ID: #VU70845
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39126
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the sensor driver in Kernel. A local application can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Resource exhaustion
EUVDB-ID: #VU70846
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39125
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the sensor driver in Kernel. A local application can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Resource exhaustion
EUVDB-ID: #VU70847
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39124
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the sensor driver in Kernel. A local application can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Resource exhaustion
EUVDB-ID: #VU70848
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39123
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the sensor driver in Kernel. A local application can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Buffer overflow
EUVDB-ID: #VU70849
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39122
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the sensor driver in Kernel. A local application can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Buffer overflow
EUVDB-ID: #VU70850
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39121
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the sensor driver in Kernel. A local application can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Buffer overflow
EUVDB-ID: #VU70851
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39120
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the sensor driver in Android. A local application can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
