SB2023020663 - Multiple vulnerabilities in Unisoc chipsets
Published: February 6, 2023 Updated: February 7, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 50 vulnerabilities.
1) NULL Pointer Dereference (CVE-ID: CVE-2022-44447)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to read, manipulate or delete data.
The vulnerability exists due to a possible null pointer dereference issue due to a missing bounds check within the wlan driver in Kerenl. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.
2) Information Exposure (CVE-ID: CVE-2022-47325)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing permission check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
3) Information Exposure (CVE-ID: CVE-2022-47326)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing permission check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
4) Information Exposure (CVE-ID: CVE-2022-47327)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing permission check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
5) Information Exposure (CVE-ID: CVE-2022-47328)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing permission check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
6) Information Exposure (CVE-ID: CVE-2022-47329)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing permission check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
7) Information Exposure (CVE-ID: CVE-2022-47330)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing permission check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
8) Information Exposure (CVE-ID: CVE-2022-47450)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing permission check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
9) Information Exposure (CVE-ID: CVE-2022-47332)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing permission check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
10) Information Exposure (CVE-ID: CVE-2022-47333)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing permission check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
11) Information Exposure (CVE-ID: CVE-2022-44421)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing permission check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
12) Out-of-bounds read (CVE-ID: CVE-2022-47363)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the Kerenl. A local privileged application can read and manipulate data.
13) Out-of-bounds read (CVE-ID: CVE-2022-47323)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
14) Out-of-bounds write (CVE-ID: CVE-2022-47364)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the Kerenl. A local privileged application can read and manipulate data.
15) Out-of-bounds write (CVE-ID: CVE-2022-47365)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
16) Out-of-bounds write (CVE-ID: CVE-2022-47366)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
17) Information Exposure (CVE-ID: CVE-2022-47367)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the bluetooth driver in Kerenl. A local application can read and manipulate data.
18) Out-of-bounds write (CVE-ID: CVE-2022-47368)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local privileged application can read and manipulate data.
19) Out-of-bounds write (CVE-ID: CVE-2022-47369)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local privileged application can read and manipulate data.
20) Resource exhaustion (CVE-ID: CVE-2022-47370)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local application can read and manipulate data.
21) Use After Free (CVE-ID: CVE-2022-47371)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a thread competition leads to early release of resources to be accessed within the bluetooth driver in Kerenl. A local application can perform a denial of service (DoS) attack.
22) Integer overflow (CVE-ID: CVE-2022-47451)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to read, manipulate or delete data.
The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A remote attacker can trick the victim to open a specially crafted file and read, manipulate or delete data.
23) Out-of-bounds write (CVE-ID: CVE-2022-47452)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the gnss driver in Kerenl. A local privileged application can execute arbitrary code.
24) Information Exposure (CVE-ID: CVE-2022-47324)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing permission check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
25) Integer overflow (CVE-ID: CVE-2022-47322)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
26) OS command injection (CVE-ID: CVE-2022-47339)
CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a OS command injection issue due to missing permission check within the cmd services in Android. A local privileged application can execute arbitrary code.
27) Resource exhaustion (CVE-ID: CVE-2022-47355)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing permission check within the log service in Android. A local privileged application can perform a denial of service (DoS) attack.
28) Out-of-bounds write (CVE-ID: CVE-2022-47331)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to read, manipulate or delete data.
The vulnerability exists due to a race condition within the wlan driver in Kerenl. A local application can read, manipulate or delete data.
29) Missing Authorization (CVE-ID: CVE-2022-47341)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a missing permission check within the engineermode services in Android. A local application can perform service disruption.
30) Improper Validation of Array Index (CVE-ID: CVE-2022-47342)
CWE-ID: CWE-129 - Improper Validation of Array Index
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a missing permission check within the engineermode services in Android. A local application can perform service disruption.
31) Improper Validation of Array Index (CVE-ID: CVE-2022-47343)
CWE-ID: CWE-129 - Improper Validation of Array Index
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a missing permission check within the engineermode services in Android. A local application can perform service disruption.
32) Improper Validation of Array Index (CVE-ID: CVE-2022-47344)
CWE-ID: CWE-129 - Improper Validation of Array Index
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a missing permission check within the engineermode services in Android. A local application can perform service disruption.
33) Improper Validation of Array Index (CVE-ID: CVE-2022-47345)
CWE-ID: CWE-129 - Improper Validation of Array Index
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a missing permission check within the engineermode services in Android. A local application can perform service disruption.
34) Improper Validation of Array Index (CVE-ID: CVE-2022-47346)
CWE-ID: CWE-129 - Improper Validation of Array Index
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a missing permission check within the engineermode services in Android. A local application can perform service disruption.
35) Improper Validation of Array Index (CVE-ID: CVE-2022-47347)
CWE-ID: CWE-129 - Improper Validation of Array Index
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a missing permission check within the engineermode services in Android. A local application can perform service disruption.
36) Improper Validation of Array Index (CVE-ID: CVE-2022-47348)
CWE-ID: CWE-129 - Improper Validation of Array Index
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a missing permission check within the engineermode services in Android. A local application can perform service disruption.
37) Resource exhaustion (CVE-ID: CVE-2022-47354)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing permission check within the log service in Android. A local privileged application can perform a denial of service (DoS) attack.
38) Resource exhaustion (CVE-ID: CVE-2022-47356)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing permission check within the log service in Android. A local privileged application can perform a denial of service (DoS) attack.
39) Stack-based buffer overflow (CVE-ID: CVE-2022-44448)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
40) Resource exhaustion (CVE-ID: CVE-2022-47357)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing permission check within the log service in Android. A local privileged application can perform a denial of service (DoS) attack.
41) Missing Authorization (CVE-ID: CVE-2022-47358)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing permission check within the log service in Android. A local privileged application can perform a denial of service (DoS) attack.
42) NULL Pointer Dereference (CVE-ID: CVE-2022-47359)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing permission check within the log service in Android. A local privileged application can perform a denial of service (DoS) attack.
43) NULL Pointer Dereference (CVE-ID: CVE-2022-47360)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing permission check within the log service in Android. A local privileged application can perform a denial of service (DoS) attack.
44) Missing Authorization (CVE-ID: CVE-2022-47361)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing permission check within the firewall service in Android. A local privileged application can perform a denial of service (DoS) attack.
45) Stack-based buffer overflow (CVE-ID: CVE-2022-38675)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to damange or delete data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the gpu driver in Kernel. A local privileged application can damange or delete data.
46) Integer overflow (CVE-ID: CVE-2022-38674)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
47) Integer overflow (CVE-ID: CVE-2022-38680)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
48) Integer underflow (CVE-ID: CVE-2022-38681)
CWE-ID: CWE-191 - Integer underflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
49) Information Exposure (CVE-ID: CVE-2022-38686)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
50) Heap-based Buffer Overflow (CVE-ID: CVE-2022-42783)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local privileged application can execute arbitrary code.
Remediation
Install update from vendor's website.