Risk | Low |
Patch available | YES |
Number of vulnerabilities | 11 |
CVE-ID | CVE-2022-47335 CVE-2022-47336 CVE-2022-47337 CVE-2022-47338 CVE-2022-47362 CVE-2022-47463 CVE-2022-47464 CVE-2022-47465 CVE-2022-47466 CVE-2022-47467 CVE-2022-47468 |
CWE-ID | CWE-120 CWE-787 CWE-200 CWE-476 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
SC9863A Mobile applications / Mobile firmware & hardware SC9832E Mobile applications / Mobile firmware & hardware SC7731E Mobile applications / Mobile firmware & hardware T610 Mobile applications / Mobile firmware & hardware T310 Mobile applications / Mobile firmware & hardware T606 Mobile applications / Mobile firmware & hardware T760 Mobile applications / Mobile firmware & hardware T618 Mobile applications / Mobile firmware & hardware T612 Mobile applications / Mobile firmware & hardware T616 Mobile applications / Mobile firmware & hardware T770 Mobile applications / Mobile firmware & hardware T820 Mobile applications / Mobile firmware & hardware S8000 Mobile applications / Mobile firmware & hardware |
Vendor | UNISOC |
Security Bulletin
This security bulletin contains information about 11 vulnerabilities.
EUVDB-ID: #VU74998
Risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47335
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing permission check within the Telecom service in Android. A local privileged application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3http://www.unisoc.com/en_us/secy/announcementDetail/1645429273135218690
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74999
Risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47336
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing permission check within the Telecom service in Android. A local privileged application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3http://www.unisoc.com/en_us/secy/announcementDetail/1645429273135218690
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75000
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47337
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the Media service in Android. A local application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3http://www.unisoc.com/en_us/secy/announcementDetail/1645429273135218690
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75001
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47338
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the email service in Android. A local application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3http://www.unisoc.com/en_us/secy/announcementDetail/1645429273135218690
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75002
Risk: Low
CVSSv3.1: 3.7 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47362
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a missing permission check within the Telecom service in Android. A local privileged application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3http://www.unisoc.com/en_us/secy/announcementDetail/1645429273135218690
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75003
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47463
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a missing permission check within the Vdsp service in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3http://www.unisoc.com/en_us/secy/announcementDetail/1645429273135218690
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75004
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47464
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a missing permission check within the Vdsp service in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3http://www.unisoc.com/en_us/secy/announcementDetail/1645429273135218690
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75005
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47465
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a missing permission check within the Vdsp service in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3http://www.unisoc.com/en_us/secy/announcementDetail/1645429273135218690
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75006
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47466
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a missing permission check within the Telecom service in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3http://www.unisoc.com/en_us/secy/announcementDetail/1645429273135218690
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75007
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47467
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a missing permission check within the Telecom service in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3http://www.unisoc.com/en_us/secy/announcementDetail/1645429273135218690
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75008
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47468
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a missing permission check within the Telecom service in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3http://www.unisoc.com/en_us/secy/announcementDetail/1645429273135218690
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.