SB2023050924 - Multiple vulnerabilities in Unisoc chipsets




Published: May 9, 2023

Security Bulletin ID: SB2023050924
CSH Severity: High
Patch available: YES
Number of vulnerabilities: 66
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

High 2%, Medium 12%, Low 86%

Description

This security bulletin contains information about 66 vulnerabilities.


1) Missing Authorization (CVE-ID: CVE-2022-48383)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local privileged application to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible missing permission check within the srtd service in Android. A local privileged application can perform a denial of service (DoS) attack.


2) Information exposure (CVE-ID: CVE-2022-48370)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the dialer service in Android. A local application can gain access to sensitive information.


3) Information exposure (CVE-ID: CVE-2022-48371)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the dialer service in Android. A local application can gain access to sensitive information.


4) Integer overflow (CVE-ID: CVE-2022-48372)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local privileged application to damage or delete data.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the bootcp service in Android. A local privileged application can damage or delete data.


5) Integer overflow (CVE-ID: CVE-2022-48373)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local privileged application to read and manipulate data.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the tee service in Android. A local privileged application can read and manipulate data.


6) Integer overflow (CVE-ID: CVE-2022-48374)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local privileged application to read and manipulate data.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the tee service in Android. A local privileged application can read and manipulate data.


7) Missing Authorization (CVE-ID: CVE-2022-48375)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to a possible missing permission check within the Contacts service in Android. A remote attacker can trick the victim into opening a specially crafted file and read and manipulate data.


8) Missing Authorization (CVE-ID: CVE-2022-48376)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to a possible missing permission check within the dialer in Android. A local application can read and manipulate data.


9) Missing Authorization (CVE-ID: CVE-2022-48377)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to a possible missing permission check within the dialer in Android. A local application can read and manipulate data.


10) Missing Authorization (CVE-ID: CVE-2022-48378)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to manipulate data.

The vulnerability exists due to a possible missing permission check within the Engineermode service in Android. A local application can manipulate data.


11) NULL Pointer Dereference (CVE-ID: CVE-2022-48379)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to a possible missing permission check within the dialer in Android. A local application can perform service disruption.


12) Stack-based buffer overflow (CVE-ID: CVE-2022-47340)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the video decoder firmware in Android. A remote attacker can perform a denial of service (DoS) attack.


13) Resource exhaustion (CVE-ID: CVE-2022-48380)

CWE-ID: CWE-400 - Resource exhaustion

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the modem control device in Kernel. A local application can read and manipulate data.


14) Resource exhaustion (CVE-ID: CVE-2022-48381)

CWE-ID: CWE-400 - Resource exhaustion

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the modem control device in Kernel. A local application can read and manipulate data.


15) Buffer overflow (CVE-ID: CVE-2022-48382)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local privileged application to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the log service in Android. A local privileged application can perform a denial of service (DoS) attack.


16) Missing Authorization (CVE-ID: CVE-2022-48384)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local privileged application to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible missing permission check within the srtd service in Android. A local privileged application can perform a denial of service (DoS) attack.


17) Missing Authorization (CVE-ID: CVE-2022-48368)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to a possible missing permission check within the audio service in Audio. A local application can perform service disruption.


18) Double Free (CVE-ID: CVE-2022-48386)

CWE-ID: CWE-415 - Double Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local privileged application to read and manipulate data.

The vulnerability exists due to a possible use after free due to a logic error within the apipe driver in Android. A local privileged application can read and manipulate data.


19) Out-of-bounds write (CVE-ID: CVE-2022-48387)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local privileged application to read and manipulate data.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the apipe driver in Android. A local privileged application can read and manipulate data.


20) Resource exhaustion (CVE-ID: CVE-2022-38685)

CWE-ID: CWE-400 - Resource exhaustion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible missing permission check within the bluetooth service in Android. A remote attacker can trick the victim into opening a specially crafted file and perform a denial of service (DoS) attack.


21) Buffer overflow (CVE-ID: CVE-2022-39089)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local privileged application to read and manipulate data.

The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the mlog service in Android. A local privileged application can read and manipulate data.


22) Missing Authorization (CVE-ID: CVE-2022-48388)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local privileged application to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible missing permission check within Android. A local privileged application can perform a denial of service (DoS) attack.


23) Missing Authorization (CVE-ID: CVE-2022-44433)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to a possible missing permission check within Android. A remote attacker can trick the victim into opening a specially crafted file and read and manipulate data.


24) Stack-based buffer overflow (CVE-ID: CVE-2022-48389)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the modem control device in Kernel. A local application can read and manipulate data.


25) Out-of-bounds read (CVE-ID: CVE-2022-47334)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local privileged application to read and manipulate data.

The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the phasecheck server in Android. A local privileged application can read and manipulate data.


26) Stack-based buffer overflow (CVE-ID: CVE-2022-47485)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local privileged application to read and manipulate data.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the phasecheck server in Android. A local privileged application can read and manipulate data.


27) Out-of-bounds write (CVE-ID: CVE-2022-47469)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local privileged application to compromise the affected device.

The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the ext4fsfilter driver in Kernel. A local privileged application can compromise the affected device.


28) Stack-based buffer overflow (CVE-ID: CVE-2022-47470)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local privileged application to compromise the affected device.

The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the ext4fsfilter driver in Kernel. A local privileged application can compromise the affected device.


29) Stack-based buffer overflow (CVE-ID: CVE-2022-47486)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local privileged application to compromise the affected device.

The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the ext4fsfilter driver in Kernel. A local privileged application can compromise the affected device.


30) Buffer overflow (CVE-ID: CVE-2022-47487)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the thermal service in Android. A remote attacker can trick the victim into opening a specially crafted file and read and manipulate data.


31) Memory corruption (CVE-ID: CVE-2022-47488)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to damage or delete data.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the spipe drive in Kernel. A local application can damage or delete data.


32) Missing Authorization (CVE-ID: CVE-2022-48369)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to a possible missing permission check within the audio service in Audio. A local application can perform service disruption.


33) Missing Authorization (CVE-ID: CVE-2022-48250)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to a possible missing permission check within the audio service in Audio. A local application can perform service disruption.


34) Out-of-bounds write (CVE-ID: CVE-2022-48385)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform service disruption.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the cp_dump driver in Kernel. A remote attacker can trick the victim into opening a specially crafted file and perform service disruption.


35) Buffer overflow (CVE-ID: CVE-2022-47497)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to manipulate or delete data.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the Soter service in Android. A local application can manipulate or delete data.


36) Resource exhaustion (CVE-ID: CVE-2022-44420)

CWE-ID: CWE-400 - Resource exhaustion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform service disruption.

The vulnerability exists due to a possible missing verification of the HashMME value in the Security Mode Command in Modem. A remote attacker can perform service disruption.


37) Resource exhaustion (CVE-ID: CVE-2022-44419)

CWE-ID: CWE-400 - Resource exhaustion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform service disruption.

The vulnerability exists due to a possible missing verification of NAS Security Mode Command replay attacks in LTE in Modem. A remote attacker can perform service disruption.


38) Stack-based buffer overflow (CVE-ID: CVE-2022-48232)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local privileged application to gain access to sensitive information.

The vulnerability exists due to a possible missing params check within the FM service in Android. A local privileged application can gain access to sensitive information.


39) Stack-based buffer overflow (CVE-ID: CVE-2022-48233)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local privileged application to gain access to sensitive information.

The vulnerability exists due to a possible missing params check within the FM service in Android. A local privileged application can gain access to sensitive information.


40) Stack-based buffer overflow (CVE-ID: CVE-2022-48234)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local privileged application to gain access to sensitive information.

The vulnerability exists due to a possible missing params check within the FM service in Android. A local privileged application can gain access to sensitive information.


41) Missing Authorization (CVE-ID: CVE-2022-47490)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to manipulate or delete data.

The vulnerability exists due to a possible missing permission check within the Soter service in Android. A local application can manipulate or delete data.


42) Missing Authorization (CVE-ID: CVE-2022-47492)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to manipulate or delete data.

The vulnerability exists due to a possible missing permission check within the Soter service in Android. A local application can manipulate or delete data.


43) Missing Authorization (CVE-ID: CVE-2022-47493)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to manipulate or delete data.

The vulnerability exists due to a possible missing permission check within the Soter service in Android. A local application can manipulate or delete data.


44) NULL Pointer Dereference (CVE-ID: CVE-2022-48231)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to manipulate or delete data.

The vulnerability exists due to a possible missing permission check within the Soter service in Android. A local application can manipulate or delete data.


45) Integer overflow (CVE-ID: CVE-2022-47489)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to manipulate or delete data.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the Soter service in Android. A local application can manipulate or delete data.


46) Buffer overflow (CVE-ID: CVE-2022-47491)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to manipulate or delete data.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the Soter service in Android. A local application can manipulate or delete data.


47) Buffer overflow (CVE-ID: CVE-2022-47494)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to manipulate or delete data.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the Soter service in Android. A local application can manipulate or delete data.


48) Buffer overflow (CVE-ID: CVE-2022-47495)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to manipulate or delete data.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the Soter service in Android. A local application can manipulate or delete data.


49) Buffer overflow (CVE-ID: CVE-2022-47496)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to manipulate or delete data.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the Soter service in Android. A local application can manipulate or delete data.


50) Buffer overflow (CVE-ID: CVE-2022-47498)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to manipulate or delete data.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the Soter service in Android. A local application can manipulate or delete data.


51) Missing Authorization (CVE-ID: CVE-2022-48249)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to a possible missing permission check within the audio service in Audio. A local application can perform service disruption.


52) Information exposure (CVE-ID: CVE-2022-48242)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the telephony service in Android. A local application can gain access to sensitive information.


53) Missing Authorization (CVE-ID: CVE-2022-48248)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible missing permission check within the audio service in Audio. A local application can perform a denial of service (DoS) attack.


54) Missing Authorization (CVE-ID: CVE-2022-48247)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible missing permission check within the audio service in Audio. A local application can perform a denial of service (DoS) attack.


55) Missing Authorization (CVE-ID: CVE-2022-48246)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible missing permission check within the audio service in Audio. A local application can perform a denial of service (DoS) attack.


56) Missing Authorization (CVE-ID: CVE-2022-48245)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible missing permission check within the audio service in Audio. A local application can perform a denial of service (DoS) attack.


57) Missing Authorization (CVE-ID: CVE-2022-48244)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible missing permission check within the audio service in Audio. A local application can perform a denial of service (DoS) attack.


58) Missing Authorization (CVE-ID: CVE-2022-48243)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible missing permission check within the audio service in Audio. A local application can perform a denial of service (DoS) attack.


59) NULL Pointer Dereference (CVE-ID: CVE-2022-48241)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a possible missing permission check within the telephony service in Android. A local application can gain access to sensitive information.


60) Buffer overflow (CVE-ID: CVE-2022-47499)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to manipulate or delete data.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the Soter service in Android. A local application can manipulate or delete data.


61) Out-of-bounds write (CVE-ID: CVE-2022-48240)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local privileged application to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the camera driver in Kernel. A local privileged application can perform a denial of service (DoS) attack.


62) Out-of-bounds write (CVE-ID: CVE-2022-48239)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local privileged application to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the camera driver in Kernel. A local privileged application can perform a denial of service (DoS) attack.


63) Out-of-bounds read (CVE-ID: CVE-2022-48238)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to manipulate or delete data.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the Image Filter in Kernel. A remote attacker can trick the victim into opening a specially crafted file and manipulate or delete data.


64) Buffer overflow (CVE-ID: CVE-2022-48237)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to manipulate or delete data.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the Image Filter in Kernel. A remote attacker can trick the victim into opening a specially crafted file and manipulate or delete data.


65) Out-of-bounds read (CVE-ID: CVE-2022-48236)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to read memory contents or crash the system.

The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the MP3 encoder in Android. A remote attacker can trick the victim into opening a specially crafted file and read memory contents or crash the system.


66) Out-of-bounds read (CVE-ID: CVE-2022-48235)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to read memory contents or crash the system.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the MP3 encoder in Android. A remote attacker can trick the victim into opening a specially crafted file and read memory contents or crash the system.


Remediation

Install the update from the vendor's website.