Multiple vulnerabilities in Unisoc chipsets
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 24 |
| CVE-ID | CVE-2023-40645 CVE-2023-40638 CVE-2023-40654 CVE-2023-40653 CVE-2023-40652 CVE-2023-40651 CVE-2023-40650 CVE-2023-40649 CVE-2023-40648 CVE-2023-40647 CVE-2023-40646 CVE-2023-40644 CVE-2023-40631 CVE-2023-40643 CVE-2023-40642 CVE-2023-40641 CVE-2023-40640 CVE-2023-40639 CVE-2023-40637 CVE-2023-40636 CVE-2023-40635 CVE-2023-40634 CVE-2023-40633 CVE-2023-40632 |
| CWE-ID | CWE-200 CWE-862 CWE-284 CWE-787 CWE-1255 CWE-416 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
SC9863A Mobile applications / Mobile firmware & hardware T760 Mobile applications / Mobile firmware & hardware T770 Mobile applications / Mobile firmware & hardware T820 Mobile applications / Mobile firmware & hardware S8000 Mobile applications / Mobile firmware & hardware SC7731E Mobile applications / Mobile firmware & hardware SC9832E Mobile applications / Mobile firmware & hardware T310 Mobile applications / Mobile firmware & hardware T606 Mobile applications / Mobile firmware & hardware T612 Mobile applications / Mobile firmware & hardware T616 Mobile applications / Mobile firmware & hardware T610 Mobile applications / Mobile firmware & hardware T618 Mobile applications / Mobile firmware & hardware |
| Vendor | UNISOC |
Security Bulletin
This security bulletin contains information about 24 vulnerabilities.
1) Information exposure
EUVDB-ID: #VU81337
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40645
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Messaging in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Missing Authorization
EUVDB-ID: #VU81330
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40638
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to crash the entire system.
The vulnerability exists due to a possible missing permission check within the Telecom service in Android. A local application can crash the entire system.
MitigationInstall security update from vendor's website.
Vulnerable software versionsT760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper Access Control
EUVDB-ID: #VU81346
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40654
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the FW-PackageManager in Android. A remote attacker can trick the victim to open a specially crafted file and gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper Access Control
EUVDB-ID: #VU81345
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40653
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the FW-PackageManager in Android. A remote attacker can trick the victim to open a specially crafted file and gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds write
EUVDB-ID: #VU81344
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40652
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to damange or delete data.
The vulnerability exists due to a possible out of bounds write due to improper input validation within the jpg driver in Android. A local privileged application can damange or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsT606: All versions
T612: All versions
T616: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds write
EUVDB-ID: #VU81343
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40651
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the urild service in Android. A local privileged application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Information exposure
EUVDB-ID: #VU81342
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40650
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to a possible missing permission check within the Telecom service in Android. A remote attacker can trick the victim to open a specially crafted file and read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Information exposure
EUVDB-ID: #VU81341
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40649
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Messaging in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Information exposure
EUVDB-ID: #VU81340
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40648
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Messaging in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Information exposure
EUVDB-ID: #VU81339
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40647
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Messaging in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Information exposure
EUVDB-ID: #VU81338
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40646
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Messaging in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Information exposure
EUVDB-ID: #VU81336
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40644
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Messaging in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Information exposure
EUVDB-ID: #VU81323
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40631
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Dialer in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Information exposure
EUVDB-ID: #VU81335
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40643
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Messaging in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Information exposure
EUVDB-ID: #VU81334
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40642
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Messaging in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Information exposure
EUVDB-ID: #VU81333
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40641
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Messaging in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Improper Access Control
EUVDB-ID: #VU81332
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40640
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a possible missing permission check within the SoundRecorder service in Android. A local application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Improper Access Control
EUVDB-ID: #VU81331
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40639
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a possible missing permission check within the SoundRecorder service in Android. A local application can read and manipulate data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Information exposure
EUVDB-ID: #VU81329
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40637
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the telecom service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Comparison Logic is Vulnerable to Power Side-Channel Attacks
EUVDB-ID: #VU81328
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40636
CWE-ID:
CWE-1255 - Comparison Logic is Vulnerable to Power Side-Channel Attacks
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the telecom service in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsT760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Missing Authorization
EUVDB-ID: #VU81327
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40635
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a possible missing permission check within the linkturbo in Android. A local application can perform service disruption.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Information exposure
EUVDB-ID: #VU81326
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40634
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the phasechecksercer in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Information exposure
EUVDB-ID: #VU81325
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40633
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the phasecheckserver in Android. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Use After Free
EUVDB-ID: #VU81324
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40632
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible use after free due to a logic error within the jpg driver in Android. A local privileged application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsT606: All versions
T612: All versions
T616: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
