SB2023120418 - Multiple vulnerabilities in Unisoc chipsets
Published: December 4, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 90 vulnerabilities.
1) Out-of-bounds write (CVE-ID: CVE-2023-42729)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the ril service in Android. A local privileged application can execute arbitrary code.
2) Information exposure (CVE-ID: CVE-2023-42733)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the telephony service in Android. A local application can gain access to sensitive information.
3) Information exposure (CVE-ID: CVE-2023-42732)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the telephony service in Android. A local application can gain access to sensitive information.
4) Buffer overflow (CVE-ID: CVE-2022-48464)
CWE-ID: CWE-120 - Buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the wifi service in Android. A local privileged application can execute arbitrary code.
5) Buffer overflow (CVE-ID: CVE-2022-48463)
CWE-ID: CWE-120 - Buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the wifi service in Android. A local privileged application can execute arbitrary code.
6) Buffer overflow (CVE-ID: CVE-2022-48462)
CWE-ID: CWE-120 - Buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the wifi service in Android. A local privileged application can execute arbitrary code.
7) Buffer overflow (CVE-ID: CVE-2023-42751)
CWE-ID: CWE-120 - Buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the gnss service in WCN. A local application can read and manipulate data.
8) Buffer overflow (CVE-ID: CVE-2023-42731)
CWE-ID: CWE-120 - Buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the Gnss service in Android. A local privileged application can read and manipulate data.
9) Information exposure (CVE-ID: CVE-2023-42730)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the IMS service in Android. A local application can gain access to sensitive information.
10) Out-of-bounds read (CVE-ID: CVE-2023-42728)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the phasecheckserver in Android. A local application can manipulate or delete data.
11) Information exposure (CVE-ID: CVE-2023-42735)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the telephony service in Android. A local application can gain access to sensitive information.
12) Out-of-bounds write (CVE-ID: CVE-2023-42727)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible out of bounds write due to a incorrect bounds check within the gpu driver in Kernel. A local privileged application can read and manipulate data.
13) Out-of-bounds read (CVE-ID: CVE-2023-42726)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the TeleService in Android. A local privileged application can read and manipulate data.
14) Out-of-bounds read (CVE-ID: CVE-2023-42725)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the gpu driver in Kernel. A local privileged application can read and manipulate data.
15) Out-of-bounds read (CVE-ID: CVE-2023-42724)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the gpu driver in Kernel. A local privileged application can read and manipulate data.
16) Out-of-bounds read (CVE-ID: CVE-2023-42723)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to manipulate data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the camera service in Android. A local application can manipulate data.
17) Memory corruption (CVE-ID: CVE-2023-42722)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to manipulate data.
The vulnerability exists due to a possible use after free due to a logic error within the camera service in Android. A local application can manipulate data.
18) Memory corruption (CVE-ID: CVE-2023-42721)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform service disruption.
The vulnerability exists due to a possible missing verification incorrect input within the flv extractor in Android. A remote attacker can perform service disruption.
19) Out-of-bounds read (CVE-ID: CVE-2023-42720)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the video service in Android. A remote attacker can gain access to sensitive information.
20) Out-of-bounds read (CVE-ID: CVE-2023-42719)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a possible out of bounds read due to a incorrect bounds check within the video service in Android. A remote attacker can gain access to sensitive information.
21) Information exposure (CVE-ID: CVE-2023-42734)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the telephony service in Android. A local application can gain access to sensitive information.
22) Missing Authorization (CVE-ID: CVE-2023-42736)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the telecom service in Android. A local application can manipulate or delete data.
23) Information exposure (CVE-ID: CVE-2023-42717)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the telephony service in Android. A local application can gain access to sensitive information.
24) Missing Authorization (CVE-ID: CVE-2023-42748)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the telecom service in Android. A local application can manipulate or delete data.
25) Stack-based buffer overflow (CVE-ID: CVE-2022-48461)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the sensor driver in Kernel. A local application can execute arbitrary code.
26) Incorrect Permission Assignment for Critical Resource (CVE-ID: CVE-2022-48459)
CWE-ID: CWE-732 - Incorrect Permission Assignment for Critical Resource
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to crash the entire system.
The vulnerability exists due to a possible system crash due to improper input validation within the TeleService in Android. A local application can crash the entire system.
27) Incorrect Permission Assignment for Critical Resource (CVE-ID: CVE-2022-48458)
CWE-ID: CWE-732 - Incorrect Permission Assignment for Critical Resource
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to crash the entire system.
The vulnerability exists due to a possible system crash due to improper input validation within the TeleService in Android. A local application can crash the entire system.
28) Incorrect Permission Assignment for Critical Resource (CVE-ID: CVE-2022-48457)
CWE-ID: CWE-732 - Incorrect Permission Assignment for Critical Resource
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to crash the entire system.
The vulnerability exists due to a possible system crash due to improper input validation within the TeleService in Android. A local application can crash the entire system.
29) Memory corruption (CVE-ID: CVE-2022-48456)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a incorrect bounds check within the camera driver in Kernel. A local application can execute arbitrary code.
30) Buffer overflow (CVE-ID: CVE-2022-48455)
CWE-ID: CWE-120 - Buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the wifi service in Android. A local application can execute arbitrary code.
31) Buffer overflow (CVE-ID: CVE-2022-48454)
CWE-ID: CWE-120 - Buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the wifi service in Android. A local application can execute arbitrary code.
32) Information exposure (CVE-ID: CVE-2023-42749)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the enginnermode service in Android. A local application can gain access to sensitive information.
33) Missing Authorization (CVE-ID: CVE-2023-42747)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the camera service in Android. A local application can manipulate or delete data.
34) Information exposure (CVE-ID: CVE-2023-42737)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the telecom service in Android. A local application can gain access to sensitive information.
35) Missing Authorization (CVE-ID: CVE-2023-42746)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the power manager in Android. A local application can manipulate or delete data.
36) Missing Authorization (CVE-ID: CVE-2023-42745)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the telecom service in Android. A local application can manipulate or delete data.
37) Missing Authorization (CVE-ID: CVE-2023-42744)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the telecom service in Android. A local application can manipulate or delete data.
38) Missing Authorization (CVE-ID: CVE-2023-42743)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the telecom service in Android. A local application can manipulate or delete data.
39) Missing Authorization (CVE-ID: CVE-2023-42742)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the sysui in Android. A local application can manipulate or delete data.
40) Information exposure (CVE-ID: CVE-2023-42741)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the telecom service in Android. A local application can gain access to sensitive information.
41) Missing Authorization (CVE-ID: CVE-2023-42740)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the telecom service in Android. A local application can manipulate or delete data.
42) Information exposure (CVE-ID: CVE-2023-42739)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the engineermode service in Android. A local application can gain access to sensitive information.
43) Missing Authorization (CVE-ID: CVE-2023-42738)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the telocom service in Android. A local application can manipulate or delete data.
44) Information exposure (CVE-ID: CVE-2023-42718)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the dialer in Android. A local application can gain access to sensitive information.
45) Information exposure (CVE-ID: CVE-2023-42716)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the telephony service in Android. A local application can gain access to sensitive information.
46) Information exposure (CVE-ID: CVE-2023-42671)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
47) Buffer overflow (CVE-ID: CVE-2023-42682)
CWE-ID: CWE-120 - Buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to damange or delete data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the gsp driver in Kernel. A local privileged application can damange or delete data.
48) Missing Authorization (CVE-ID: CVE-2023-42690)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can perform service disruption.
49) Missing Authorization (CVE-ID: CVE-2023-42689)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can perform service disruption.
50) Missing Authorization (CVE-ID: CVE-2023-42688)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can perform service disruption.
51) Missing Authorization (CVE-ID: CVE-2023-42687)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can gain access to sensitive information.
52) Missing Authorization (CVE-ID: CVE-2023-42686)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can perform service disruption.
53) Missing Authorization (CVE-ID: CVE-2023-42685)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can perform service disruption.
54) Out-of-bounds read (CVE-ID: CVE-2023-42684)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to damange or delete data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the gsp driver in Kernel. A local privileged application can damange or delete data.
55) Out-of-bounds read (CVE-ID: CVE-2023-42683)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to damange or delete data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the gsp driver in Kernel. A local privileged application can damange or delete data.
56) Missing Authorization (CVE-ID: CVE-2023-42681)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the ion service in Android. A local application can manipulate or delete data.
57) Missing Authorization (CVE-ID: CVE-2023-42692)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can gain access to sensitive information.
58) Out-of-bounds read (CVE-ID: CVE-2023-42680)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to damange or delete data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the gpu driver in Kernel. A local privileged application can damange or delete data.
59) Out-of-bounds write (CVE-ID: CVE-2023-42679)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the gpu driver in Android. A local privileged application can read and manipulate data.
60) Information exposure (CVE-ID: CVE-2023-42678)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
61) Information exposure (CVE-ID: CVE-2023-42677)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
62) Information exposure (CVE-ID: CVE-2023-42676)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
63) Information exposure (CVE-ID: CVE-2023-42675)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
64) Information exposure (CVE-ID: CVE-2023-42674)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
65) Information exposure (CVE-ID: CVE-2023-42673)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
66) Information exposure (CVE-ID: CVE-2023-42672)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
67) Missing Authorization (CVE-ID: CVE-2023-42691)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can gain access to sensitive information.
68) Missing Authorization (CVE-ID: CVE-2023-42693)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can perform service disruption.
69) Information exposure (CVE-ID: CVE-2023-42715)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the telephony service in Android. A local application can gain access to sensitive information.
70) Information exposure (CVE-ID: CVE-2023-42705)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
71) Information exposure (CVE-ID: CVE-2023-42714)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
72) Information exposure (CVE-ID: CVE-2023-42713)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
73) Information exposure (CVE-ID: CVE-2023-42712)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
74) Information exposure (CVE-ID: CVE-2023-42711)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
75) Information exposure (CVE-ID: CVE-2023-42710)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
76) Information exposure (CVE-ID: CVE-2023-42709)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
77) Information exposure (CVE-ID: CVE-2023-42708)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
78) Information exposure (CVE-ID: CVE-2023-42707)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
79) Information exposure (CVE-ID: CVE-2023-42706)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
80) Information exposure (CVE-ID: CVE-2023-42704)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
81) Missing Authorization (CVE-ID: CVE-2023-42694)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can perform service disruption.
82) Information exposure (CVE-ID: CVE-2023-42703)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
83) Information exposure (CVE-ID: CVE-2023-42702)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
84) Information exposure (CVE-ID: CVE-2023-42701)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
85) Information exposure (CVE-ID: CVE-2023-42700)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
86) Information exposure (CVE-ID: CVE-2023-42699)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the omacp service in Android. A local application can gain access to sensitive information.
87) Information exposure (CVE-ID: CVE-2023-42698)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the omacp service in Android. A local application can gain access to sensitive information.
88) Information exposure (CVE-ID: CVE-2023-42697)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the omacp service in Android. A local application can gain access to sensitive information.
89) Missing Authorization (CVE-ID: CVE-2023-42696)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to crash the entire system.
The vulnerability exists due to a possible missing permission check within the telecom service in Android. A remote attacker can trick the victim to open a specially crafted file and crash the entire system.
90) Missing Authorization (CVE-ID: CVE-2023-42695)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can gain access to sensitive information.
Remediation
Install update from vendor's website.