SB2022120732 - Multiple vulnerabilities in Unisoc chipsets
Published: December 7, 2022 Updated: February 19, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 49 vulnerabilities.
1) Buffer over-read (CVE-ID: CVE-2022-42768)
CWE-ID: CWE-126 - Buffer over-read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.
2) Missing Authorization (CVE-ID: CVE-2022-39094)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to manipulate data.
The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.
3) Missing Authorization (CVE-ID: CVE-2022-39093)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to manipulate data.
The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.
4) Missing Authorization (CVE-ID: CVE-2022-39091)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to manipulate data.
The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.
5) Missing Authorization (CVE-ID: CVE-2022-39092)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to manipulate data.
The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.
6) Missing Authorization (CVE-ID: CVE-2022-39090)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to manipulate data.
The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.
7) Missing Authorization (CVE-ID: CVE-2022-42776)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to a missing permission check within the UscAIEngine service in Android. A remote attacker can trick the victim to open a specially crafted file and read and manipulate data.
8) Missing Authorization (CVE-ID: CVE-2022-42778)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a missing permission check within the Android. A remote attacker can trick the victim to open a specially crafted file and gain access to sensitive information.
9) Buffer over-read (CVE-ID: CVE-2022-42759)
CWE-ID: CWE-126 - Buffer over-read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.
10) Buffer over-read (CVE-ID: CVE-2022-42758)
CWE-ID: CWE-126 - Buffer over-read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.
11) Buffer over-read (CVE-ID: CVE-2022-42757)
CWE-ID: CWE-126 - Buffer over-read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.
12) Integer overflow (CVE-ID: CVE-2022-42767)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.
13) Missing Authorization (CVE-ID: CVE-2022-39096)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to manipulate data.
The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.
14) Information Exposure (CVE-ID: CVE-2022-42766)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to read, manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.
15) Integer overflow (CVE-ID: CVE-2022-42765)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.
16) Integer overflow (CVE-ID: CVE-2022-42764)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.
17) Integer overflow (CVE-ID: CVE-2022-42763)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.
18) Information Exposure (CVE-ID: CVE-2022-42782)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to read, manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.
19) Buffer over-read (CVE-ID: CVE-2022-42781)
CWE-ID: CWE-126 - Buffer over-read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.
20) Buffer over-read (CVE-ID: CVE-2022-42780)
CWE-ID: CWE-126 - Buffer over-read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.
21) Buffer over-read (CVE-ID: CVE-2022-42762)
CWE-ID: CWE-126 - Buffer over-read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.
22) Buffer over-read (CVE-ID: CVE-2022-42779)
CWE-ID: CWE-126 - Buffer over-read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.
23) Buffer over-read (CVE-ID: CVE-2022-42774)
CWE-ID: CWE-126 - Buffer over-read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.
24) Missing Authorization (CVE-ID: CVE-2022-39095)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to manipulate data.
The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.
25) Missing Authorization (CVE-ID: CVE-2022-39097)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to manipulate data.
The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.
26) Buffer overflow (CVE-ID: CVE-2022-39131)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the camera driver. A local application can trigger memory corruption and perform a denial of service (DoS) attack.
27) Out-of-bounds write (CVE-ID: CVE-2022-42755)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the wlan driver driver. A local application can trigger an out-of-bounds write and crash the kernel.
28) Race condition (CVE-ID: CVE-2022-42771)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the wlan driver. A local application can exploit the race and perform a denial of service (DoS) attack.
29) Race condition (CVE-ID: CVE-2022-42770)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the wlan driver. A local application can exploit the race and perform a denial of service (DoS) attack.
30) Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-ID: CVE-2022-42775)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to damange or delete data.
The vulnerability exists due to a possible memory corruption due to improper locking within the camera driver in Kernel. A local application can damange or delete data.
31) Buffer overflow (CVE-ID: CVE-2022-42756)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the sensor driver. A local application can trigger memory corruption and crash the kernel.
32) Use-after-free (CVE-ID: CVE-2022-42754)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the npu driver. A local application can trigger a use-after-free error and perform a denial of service (DoS) attack.
33) Race condition (CVE-ID: CVE-2022-39134)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the audio driver. A local local application can exploit the race to trigger a use-after-free and crash the kernel.
34) Improper locking (CVE-ID: CVE-2022-39106)
CWE-ID: CWE-667 - Improper Locking
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform a denial of service attack (DoS).
The vulnerability exists due to improper locking error within the serviceIn sensor driver. A local application can trigger a deadlock and perform a denial of service (DoS) attack.
35) Heap-based buffer overflow (CVE-ID: CVE-2022-39132)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the camera driver. A local application can trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.
36) Out-of-bounds read (CVE-ID: CVE-2022-39130)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the face detect driver. A local application can trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
37) Stack-based buffer overflow (CVE-ID: CVE-2022-39129)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the face detect driver. A local application can trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.
38) Out-of-bounds write (CVE-ID: CVE-2022-39133)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the wlan driver. A local application can trigger an out-of-bounds write and crash the system.
39) Missing Authorization (CVE-ID: CVE-2022-39098)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to crash the entire system.
The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and crash the entire system.
40) Out-of-bounds write (CVE-ID: CVE-2022-42772)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the wlan driver. A local application can trigger an out-of-bounds write and perform a denial of service (DoS) attack.
41) Buffer overflow (CVE-ID: CVE-2022-42760)
CWE-ID: CWE-120 - Buffer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.
42) Out-of-bounds read (CVE-ID: CVE-2022-42769)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.
43) Out-of-bounds read (CVE-ID: CVE-2022-42773)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.
44) Out-of-bounds read (CVE-ID: CVE-2022-42761)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.
45) Missing Authorization (CVE-ID: CVE-2022-42777)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and read and manipulate data.
46) Missing Authorization (CVE-ID: CVE-2022-39102)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to crash the entire system.
The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and crash the entire system.
47) Missing Authorization (CVE-ID: CVE-2022-39101)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to crash the entire system.
The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and crash the entire system.
48) Missing Authorization (CVE-ID: CVE-2022-39100)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to manipulate data.
The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.
49) Missing Authorization (CVE-ID: CVE-2022-39099)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to manipulate data.
The vulnerability exists due to a missing permission check within the power management service in Android. A remote attacker can trick the victim to open a specially crafted file and manipulate data.
Remediation
Install update from vendor's website.