Multiple vulnerabilities in Unisoc chipsets
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 66 |
| CVE-ID | CVE-2022-48383 CVE-2022-48370 CVE-2022-48371 CVE-2022-48372 CVE-2022-48373 CVE-2022-48374 CVE-2022-48375 CVE-2022-48376 CVE-2022-48377 CVE-2022-48378 CVE-2022-48379 CVE-2022-47340 CVE-2022-48380 CVE-2022-48381 CVE-2022-48382 CVE-2022-48384 CVE-2022-48368 CVE-2022-48386 CVE-2022-48387 CVE-2022-38685 CVE-2022-39089 CVE-2022-48388 CVE-2022-44433 CVE-2022-48389 CVE-2022-47334 CVE-2022-47485 CVE-2022-47469 CVE-2022-47470 CVE-2022-47486 CVE-2022-47487 CVE-2022-47488 CVE-2022-48369 CVE-2022-48250 CVE-2022-48385 CVE-2022-47497 CVE-2022-44420 CVE-2022-44419 CVE-2022-48232 CVE-2022-48233 CVE-2022-48234 CVE-2022-47490 CVE-2022-47492 CVE-2022-47493 CVE-2022-48231 CVE-2022-47489 CVE-2022-47491 CVE-2022-47494 CVE-2022-47495 CVE-2022-47496 CVE-2022-47498 CVE-2022-48249 CVE-2022-48242 CVE-2022-48248 CVE-2022-48247 CVE-2022-48246 CVE-2022-48245 CVE-2022-48244 CVE-2022-48243 CVE-2022-48241 CVE-2022-47499 CVE-2022-48240 CVE-2022-48239 CVE-2022-48238 CVE-2022-48237 CVE-2022-48236 CVE-2022-48235 |
| CWE-ID | CWE-862 CWE-200 CWE-190 CWE-476 CWE-121 CWE-400 CWE-120 CWE-415 CWE-787 CWE-125 CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
SC9863A Mobile applications / Mobile firmware & hardware SC9832E Mobile applications / Mobile firmware & hardware SC7731E Mobile applications / Mobile firmware & hardware T610 Mobile applications / Mobile firmware & hardware T310 Mobile applications / Mobile firmware & hardware T606 Mobile applications / Mobile firmware & hardware T760 Mobile applications / Mobile firmware & hardware T618 Mobile applications / Mobile firmware & hardware T612 Mobile applications / Mobile firmware & hardware T616 Mobile applications / Mobile firmware & hardware T770 Mobile applications / Mobile firmware & hardware T820 Mobile applications / Mobile firmware & hardware S8000 Mobile applications / Mobile firmware & hardware |
| Vendor | UNISOC |
Security Bulletin
This security bulletin contains information about 66 vulnerabilities.
1) Missing Authorization
EUVDB-ID: #VU75858
Risk: Low
CVSSv3.1: 3.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48383
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible missing permission check within the srtd service in Android. A local privileged application can perform a denial of service (DoS) attack.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information exposure
EUVDB-ID: #VU75844
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48370
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the dialer service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information exposure
EUVDB-ID: #VU75845
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48371
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the dialer service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Integer overflow
EUVDB-ID: #VU75846
Risk: Low
CVSSv3.1: 4.5 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48372
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to damange or delete data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the bootcp service in Android. A local privileged application can damange or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Integer overflow
EUVDB-ID: #VU75847
Risk: Low
CVSSv3.1: 3.7 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48373
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the tee service in Android. A local privileged application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Integer overflow
EUVDB-ID: #VU75848
Risk: Low
CVSSv3.1: 3.7 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48374
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the tee service in Android. A local privileged application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Missing Authorization
EUVDB-ID: #VU75849
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48375
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to a possible missing permission check within the Contacts service in Android. A remote attacker can trick the victim to open a specially crafted file and read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Missing Authorization
EUVDB-ID: #VU75850
Risk: Low
CVSSv3.1: 5.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48376
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a possible missing permission check within the dialer in Android. A local application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Missing Authorization
EUVDB-ID: #VU75851
Risk: Low
CVSSv3.1: 5.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48377
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a possible missing permission check within the dialer in Android. A local application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Missing Authorization
EUVDB-ID: #VU75852
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48378
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate data.
The vulnerability exists due to a possible missing permission check within the Engineermode service in Android. A local application can manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) NULL Pointer Dereference
EUVDB-ID: #VU75853
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48379
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a possible missing permission check within the dialer in Android. A local application can perform service disruption.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Stack-based buffer overflow
EUVDB-ID: #VU75854
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47340
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the video decoder firmware in Android. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Resource exhaustion
EUVDB-ID: #VU75855
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48380
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the modem control device in Kernel. A local application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Resource exhaustion
EUVDB-ID: #VU75856
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48381
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the modem control device in Kernel. A local application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Buffer overflow
EUVDB-ID: #VU75857
Risk: Low
CVSSv3.1: 3.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48382
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the log service has buffer overflow issue in Android. A local privileged application can perform a denial of service (DoS) attack.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Missing Authorization
EUVDB-ID: #VU75859
Risk: Low
CVSSv3.1: 3.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48384
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible missing permission check within the srtd service in Android. A local privileged application can perform a denial of service (DoS) attack.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Missing Authorization
EUVDB-ID: #VU75842
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48368
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a possible missing permission check within the audio service in Audio. A local application can perform service disruption.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Double Free
EUVDB-ID: #VU75860
Risk: Low
CVSSv3.1: 4.4 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48386
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible use after free due to a logic error within the apipe driver in Android. A local privileged application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Out-of-bounds write
EUVDB-ID: #VU75861
Risk: Low
CVSSv3.1: 4.4 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48387
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the apipe driver in Android. A local privileged application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Resource exhaustion
EUVDB-ID: #VU75862
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-38685
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible missing permission check within the bluetooth service in Android. A remote attacker can trick the victim to open a specially crafted file and perform a denial of service (DoS) attack.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Buffer overflow
EUVDB-ID: #VU75863
Risk: Low
CVSSv3.1: 3.7 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39089
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the mlog service in Android. A local privileged application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Missing Authorization
EUVDB-ID: #VU75864
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48388
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible missing permission check within the Android. A local privileged application can perform a denial of service (DoS) attack.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Missing Authorization
EUVDB-ID: #VU75865
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-44433
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to a possible missing permission check within the Android. A remote attacker can trick the victim to open a specially crafted file and read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Stack-based buffer overflow
EUVDB-ID: #VU75866
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48389
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the modem control device in Kernel. A local application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Out-of-bounds read
EUVDB-ID: #VU75867
Risk: Low
CVSSv3.1: 3.7 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47334
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the phasecheck server in Android. A local privileged application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Stack-based buffer overflow
EUVDB-ID: #VU75868
Risk: Low
CVSSv3.1: 3.7 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47485
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the phasecheck server in Android. A local privileged application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Out-of-bounds write
EUVDB-ID: #VU75869
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47469
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to compromise the affected device.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the ext4fsfilter driver in Kernel. A local privileged application can compromise the affected device.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Stack-based buffer overflow
EUVDB-ID: #VU75870
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47470
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to compromise the affected device.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the ext4fsfilter driver in Kernel. A local privileged application can compromise the affected device.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Stack-based buffer overflow
EUVDB-ID: #VU75871
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47486
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to compromise the affected device.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the ext4fsfilter driver in Kernel. A local privileged application can compromise the affected device.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Buffer overflow
EUVDB-ID: #VU75872
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47487
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the thermal service in Android. A remote attacker can trick the victim to open a specially crafted file and read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Memory corruption
EUVDB-ID: #VU75873
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47488
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to damange or delete data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the spipe drive in Kernel. A local application can damange or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Missing Authorization
EUVDB-ID: #VU75843
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48369
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a possible missing permission check within the audio service in Audio. A local application can perform service disruption.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Missing Authorization
EUVDB-ID: #VU75841
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48250
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a possible missing permission check within the audio service in Audio. A local application can perform service disruption.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Out-of-bounds write
EUVDB-ID: #VU75808
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48385
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform service disruption.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the the cp_dump driver in Kernel. A remote attacker can trick the victim to open a specially crafted file and perform service disruption.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Buffer overflow
EUVDB-ID: #VU75823
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47497
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the Soter service in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Resource exhaustion
EUVDB-ID: #VU75809
Risk: Low
CVSSv3.1: 3.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-44420
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform service disruption.
The vulnerability exists due to a possible missing verification of HashMME value in Security Mode Command within the Security Mode Command in Modem. A remote attacker can perform service disruption.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Resource exhaustion
EUVDB-ID: #VU75810
Risk: Low
CVSSv3.1: 3.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-44419
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform service disruption.
The vulnerability exists due to a possible missing verification of NAS Security Mode Command Replay Attacks in LTE within the LTE in Modem. A remote attacker can perform service disruption.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Stack-based buffer overflow
EUVDB-ID: #VU75811
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48232
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to a possible missing params check within the FM service in Android. A local privileged application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Stack-based buffer overflow
EUVDB-ID: #VU75812
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48233
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to a possible missing params check within the FM service in Android. A local privileged application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Stack-based buffer overflow
EUVDB-ID: #VU75813
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48234
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to a possible missing params check within the FM service in Android. A local privileged application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Missing Authorization
EUVDB-ID: #VU75814
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47490
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the Soter service in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Missing Authorization
EUVDB-ID: #VU75815
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47492
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the Soter service in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Missing Authorization
EUVDB-ID: #VU75816
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47493
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the Soter service in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) NULL Pointer Dereference
EUVDB-ID: #VU75817
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48231
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the Soter service in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Integer overflow
EUVDB-ID: #VU75818
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47489
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the Soter service in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Buffer overflow
EUVDB-ID: #VU75819
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47491
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the Soter service in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Buffer overflow
EUVDB-ID: #VU75820
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47494
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the Soter service in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Buffer overflow
EUVDB-ID: #VU75821
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47495
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the Soter service in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Buffer overflow
EUVDB-ID: #VU75822
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47496
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the Soter service in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Buffer overflow
EUVDB-ID: #VU75824
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47498
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the Soter service in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Missing Authorization
EUVDB-ID: #VU75840
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48249
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a possible missing permission check within the audio service in Audio. A local application can perform service disruption.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Information exposure
EUVDB-ID: #VU75833
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48242
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the telephony service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Missing Authorization
EUVDB-ID: #VU75839
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48248
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible missing permission check within the audio service in Audio. A local application can perform a denial of service (DoS) attack.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Missing Authorization
EUVDB-ID: #VU75838
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48247
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible missing permission check within the audio service in Audio. A local application can perform a denial of service (DoS) attack.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Missing Authorization
EUVDB-ID: #VU75837
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48246
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible missing permission check within the audio service in Audio. A local application can perform a denial of service (DoS) attack.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Missing Authorization
EUVDB-ID: #VU75836
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48245
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible missing permission check within the audio service in Audio. A local application can perform a denial of service (DoS) attack.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Missing Authorization
EUVDB-ID: #VU75835
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48244
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible missing permission check within the audio service in Audio. A local application can perform a denial of service (DoS) attack.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Missing Authorization
EUVDB-ID: #VU75834
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48243
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible missing permission check within the audio service in Audio. A local application can perform a denial of service (DoS) attack.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) NULL Pointer Dereference
EUVDB-ID: #VU75832
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48241
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the telephony service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Buffer overflow
EUVDB-ID: #VU75825
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47499
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the Soter service in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Out-of-bounds write
EUVDB-ID: #VU75831
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48240
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the camera driver in Kernel. A local privileged application can perform a denial of service (DoS) attack.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Out-of-bounds write
EUVDB-ID: #VU75830
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48239
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the camera driver in Kernel. A local privileged application can perform a denial of service (DoS) attack.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Out-of-bounds read
EUVDB-ID: #VU75829
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48238
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to manipulate or delete data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the Image Filter in Kernel. A remote attacker can trick the victim to open a specially crafted file and manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Buffer overflow
EUVDB-ID: #VU75828
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48237
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to manipulate or delete data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the Image Filter in Kernel. A remote attacker can trick the victim to open a specially crafted file and manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Out-of-bounds read
EUVDB-ID: #VU75827
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48236
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to read memory contents or crash the system.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the MP3 encoder in Android. A remote attacker can trick the victim to open a specially crafted file and read memory contents or crash the system.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Out-of-bounds read
EUVDB-ID: #VU75826
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48235
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to read memory contents or crash the system.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the MP3 encoder in Android. A remote attacker can trick the victim to open a specially crafted file and read memory contents or crash the system.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
SC9832E: All versions
SC7731E: All versions
T610: All versions
T310: All versions
T606: All versions
T760: All versions
T618: All versions
T612: All versions
T616: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
