Multiple vulnerabilities in Unisoc chipsets



Published: 2023-03-06
Risk High
Patch available YES
Number of vulnerabilities 24
CVE-ID CVE-2022-47484
CVE-2022-47459
CVE-2022-47462
CVE-2022-47461
CVE-2022-47460
CVE-2022-47458
CVE-2022-47457
CVE-2022-47456
CVE-2022-47455
CVE-2022-47454
CVE-2022-47453
CVE-2022-47483
CVE-2022-47472
CVE-2022-47482
CVE-2022-47481
CVE-2022-47480
CVE-2022-47479
CVE-2022-47478
CVE-2022-47477
CVE-2022-47476
CVE-2022-47475
CVE-2022-47474
CVE-2022-47471
CVE-2022-47473
CWE-ID CWE-862
CWE-787
CWE-200
CWE-416
CWE-125
CWE-126
CWE-190
CWE-119
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
SC9863A
Mobile applications / Mobile firmware & hardware

SC9832E
Mobile applications / Mobile firmware & hardware

SC7731E
Mobile applications / Mobile firmware & hardware

T610
Mobile applications / Mobile firmware & hardware

T310
Mobile applications / Mobile firmware & hardware

T606
Mobile applications / Mobile firmware & hardware

T760
Mobile applications / Mobile firmware & hardware

T618
Mobile applications / Mobile firmware & hardware

T612
Mobile applications / Mobile firmware & hardware

T616
Mobile applications / Mobile firmware & hardware

T770
Mobile applications / Mobile firmware & hardware

T820
Mobile applications / Mobile firmware & hardware

S8000
Mobile applications / Mobile firmware & hardware

Vendor UNISOC

Security Bulletin

This security bulletin contains information about 24 vulnerabilities.

1) Missing Authorization

EUVDB-ID: #VU72823

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47484

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a local application to manipulate data.

The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds write

EUVDB-ID: #VU72833

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47459

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to read, manipulate or delete data.

The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local application can read, manipulate or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Missing Authorization

EUVDB-ID: #VU72832

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47462

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to a missing permission check within the telephone service in Android. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information Exposure

EUVDB-ID: #VU72831

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47461

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use After Free

EUVDB-ID: #VU72830

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47460

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to damange or delete data.

The vulnerability exists due to a memory corruption due to a use after free within the gpu device in Kerenl. A local application can damange or delete data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU72829

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47458

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to a possible missing params check within the fm driver in Kerenl. A local application can read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds write

EUVDB-ID: #VU72828

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47457

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to a possible missing params check within the fm driver in Kerenl. A local application can read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Buffer over-read

EUVDB-ID: #VU72827

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47456

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local application can perform a denial of service (DoS) attack.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer over-read

EUVDB-ID: #VU72826

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47455

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local application can perform a denial of service (DoS) attack.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Integer overflow

EUVDB-ID: #VU72825

Risk: Low

CVSSv3.1: 4.5 [CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47454

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local privileged application to read and manipulate data.

The vulnerability exists due to a possible missing params check within the wlan driver in Kerenl. A local privileged application can read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Memory corruption

EUVDB-ID: #VU72824

Risk: Low

CVSSv3.1: 4.5 [CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47453

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local privileged application to read and manipulate data.

The vulnerability exists due to a possible missing params check within the wcn service in Kerenl. A local privileged application can read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Missing Authorization

EUVDB-ID: #VU72822

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47483

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Information Exposure

EUVDB-ID: #VU72810

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47472

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to a missing permission check within the setting service in Android. A local application can read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Missing Authorization

EUVDB-ID: #VU72821

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47482

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Missing Authorization

EUVDB-ID: #VU72820

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47481

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Missing Authorization

EUVDB-ID: #VU72819

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47480

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Information Exposure

EUVDB-ID: #VU72818

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47479

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Information Exposure

EUVDB-ID: #VU72817

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47478

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Information Exposure

EUVDB-ID: #VU72816

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47477

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Information Exposure

EUVDB-ID: #VU72815

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47476

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Information Exposure

EUVDB-ID: #VU72814

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47475

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Information Exposure

EUVDB-ID: #VU72813

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47474

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Information Exposure

EUVDB-ID: #VU72812

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47471

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Information Exposure

EUVDB-ID: #VU72811

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47473

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

SC9832E: All versions

SC7731E: All versions

T610: All versions

T310: All versions

T606: All versions

T760: All versions

T618: All versions

T612: All versions

T616: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1632612109718192129


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###