SB2023020663 - Multiple vulnerabilities in Unisoc chipsets
Published: February 6, 2023 Updated: February 7, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 50 secuirty vulnerabilities.
1) NULL Pointer Dereference (CVE-ID: CVE-2022-44447)
The vulnerability allows a remote attacker to read, manipulate or delete data.
The vulnerability exists due to a possible null pointer dereference issue due to a missing bounds check within the wlan driver in Kerenl. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.
2) Information Exposure (CVE-ID: CVE-2022-47325)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing permission check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
3) Information Exposure (CVE-ID: CVE-2022-47326)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing permission check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
4) Information Exposure (CVE-ID: CVE-2022-47327)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing permission check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
5) Information Exposure (CVE-ID: CVE-2022-47328)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing permission check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
6) Information Exposure (CVE-ID: CVE-2022-47329)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing permission check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
7) Information Exposure (CVE-ID: CVE-2022-47330)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing permission check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
8) Information Exposure (CVE-ID: CVE-2022-47450)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing permission check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
9) Information Exposure (CVE-ID: CVE-2022-47332)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing permission check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
10) Information Exposure (CVE-ID: CVE-2022-47333)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing permission check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
11) Information Exposure (CVE-ID: CVE-2022-44421)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing permission check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
12) Out-of-bounds read (CVE-ID: CVE-2022-47363)
The vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the Kerenl. A local privileged application can read and manipulate data.
13) Out-of-bounds read (CVE-ID: CVE-2022-47323)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
14) Out-of-bounds write (CVE-ID: CVE-2022-47364)
The vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the Kerenl. A local privileged application can read and manipulate data.
15) Out-of-bounds write (CVE-ID: CVE-2022-47365)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
16) Out-of-bounds write (CVE-ID: CVE-2022-47366)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
17) Information Exposure (CVE-ID: CVE-2022-47367)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the bluetooth driver in Kerenl. A local application can read and manipulate data.
18) Out-of-bounds write (CVE-ID: CVE-2022-47368)
The vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local privileged application can read and manipulate data.
19) Out-of-bounds write (CVE-ID: CVE-2022-47369)
The vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local privileged application can read and manipulate data.
20) Resource exhaustion (CVE-ID: CVE-2022-47370)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local application can read and manipulate data.
21) Use After Free (CVE-ID: CVE-2022-47371)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a thread competition leads to early release of resources to be accessed within the bluetooth driver in Kerenl. A local application can perform a denial of service (DoS) attack.
22) Integer overflow (CVE-ID: CVE-2022-47451)
The vulnerability allows a remote attacker to read, manipulate or delete data.
The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.
23) Out-of-bounds write (CVE-ID: CVE-2022-47452)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the gnss driver in Kerenl. A local privileged application can execute arbitrary code.
24) Information Exposure (CVE-ID: CVE-2022-47324)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing permission check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
25) Integer overflow (CVE-ID: CVE-2022-47322)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
26) OS command injection (CVE-ID: CVE-2022-47339)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a OS command injection issue due to missing permission check within the cmd services in Android. A local privileged application can execute arbitrary code.
27) Resource exhaustion (CVE-ID: CVE-2022-47355)
The vulnerability allows a local privileged application to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing permission check within the log service in Android. A local privileged application can perform a denial of service (DoS) attack.
28) Out-of-bounds write (CVE-ID: CVE-2022-47331)
The vulnerability allows a local application to read, manipulate or delete data.
The vulnerability exists due to a race condition within the wlan driver in Kerenl. A local application can read, manipulate or delete data.
29) Missing Authorization (CVE-ID: CVE-2022-47341)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a missing permission check within the engineermode services in Android. A local application can perform service disruption.
30) Improper Validation of Array Index (CVE-ID: CVE-2022-47342)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a missing permission check within the engineermode services in Android. A local application can perform service disruption.
31) Improper Validation of Array Index (CVE-ID: CVE-2022-47343)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a missing permission check within the engineermode services in Android. A local application can perform service disruption.
32) Improper Validation of Array Index (CVE-ID: CVE-2022-47344)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a missing permission check within the engineermode services in Android. A local application can perform service disruption.
33) Improper Validation of Array Index (CVE-ID: CVE-2022-47345)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a missing permission check within the engineermode services in Android. A local application can perform service disruption.
34) Improper Validation of Array Index (CVE-ID: CVE-2022-47346)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a missing permission check within the engineermode services in Android. A local application can perform service disruption.
35) Improper Validation of Array Index (CVE-ID: CVE-2022-47347)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a missing permission check within the engineermode services in Android. A local application can perform service disruption.
36) Improper Validation of Array Index (CVE-ID: CVE-2022-47348)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a missing permission check within the engineermode services in Android. A local application can perform service disruption.
37) Resource exhaustion (CVE-ID: CVE-2022-47354)
The vulnerability allows a local privileged application to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing permission check within the log service in Android. A local privileged application can perform a denial of service (DoS) attack.
38) Resource exhaustion (CVE-ID: CVE-2022-47356)
The vulnerability allows a local privileged application to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing permission check within the log service in Android. A local privileged application can perform a denial of service (DoS) attack.
39) Stack-based buffer overflow (CVE-ID: CVE-2022-44448)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
40) Resource exhaustion (CVE-ID: CVE-2022-47357)
The vulnerability allows a local privileged application to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing permission check within the log service in Android. A local privileged application can perform a denial of service (DoS) attack.
41) Missing Authorization (CVE-ID: CVE-2022-47358)
The vulnerability allows a local privileged application to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing permission check within the log service in Android. A local privileged application can perform a denial of service (DoS) attack.
42) NULL Pointer Dereference (CVE-ID: CVE-2022-47359)
The vulnerability allows a local privileged application to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing permission check within the log service in Android. A local privileged application can perform a denial of service (DoS) attack.
43) NULL Pointer Dereference (CVE-ID: CVE-2022-47360)
The vulnerability allows a local privileged application to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing permission check within the log service in Android. A local privileged application can perform a denial of service (DoS) attack.
44) Missing Authorization (CVE-ID: CVE-2022-47361)
The vulnerability allows a local privileged application to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing permission check within the firewall service in Android. A local privileged application can perform a denial of service (DoS) attack.
45) Stack-based buffer overflow (CVE-ID: CVE-2022-38675)
The vulnerability allows a local privileged application to damange or delete data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the gpu driver in Kernel. A local privileged application can damange or delete data.
46) Integer overflow (CVE-ID: CVE-2022-38674)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
47) Integer overflow (CVE-ID: CVE-2022-38680)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
48) Integer underflow (CVE-ID: CVE-2022-38681)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
49) Information Exposure (CVE-ID: CVE-2022-38686)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
50) Heap-based Buffer Overflow (CVE-ID: CVE-2022-42783)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
Remediation
Install update from vendor's website.