Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
EUVDB-ID: #VU86091
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-49672
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible use after free due to a logic error within the ion driver in Kernel. A local application can perform a denial of service (DoS) attack.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1754320321801945089
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86092
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-49671
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible improper input validation within the ion driver in Kernel. A local application can perform a denial of service (DoS) attack.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1754320321801945089
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86093
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-49670
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the cp_dump driver in Kernel. A local application can perform a denial of service (DoS) attack.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1754320321801945089
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86094
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-49669
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the cp_dump driver in Kernel. A local application can perform a denial of service (DoS) attack.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1754320321801945089
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86095
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-49668
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the cp_dump driver in Kernel. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1754320321801945089
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86096
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-49667
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the cp dump driver in Kernel. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC9863A: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000SC9863A: All versions
S8000: All versions
External linkshttp://www.unisoc.com/en_us/secy/announcementDetail/1754320321801945089
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.