Multiple vulnerabilities in Unisoc chipsets

1) Use After Free

EUVDB-ID: #VU86091

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-49672

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible use after free due to a logic error within the ion driver in Kernel. A local application can perform a denial of service (DoS) attack.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T310: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

T760: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1754320321801945089

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU86092

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-49671

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible improper input validation within the ion driver in Kernel. A local application can perform a denial of service (DoS) attack.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC7731E: All versions

SC9832E: All versions

SC9863A: All versions

T310: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

T760: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1754320321801945089

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds write

EUVDB-ID: #VU86093

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-49670

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the cp_dump driver in Kernel. A local application can perform a denial of service (DoS) attack.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

T760: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1754320321801945089

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds write

EUVDB-ID: #VU86094

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-49669

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the cp_dump driver in Kernel. A local application can perform a denial of service (DoS) attack.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

T760: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1754320321801945089

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds read

EUVDB-ID: #VU86095

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-49668

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the cp_dump driver in Kernel. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

T760: All versions

T770: All versions

T820: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1754320321801945089

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer over-read

EUVDB-ID: #VU86096

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-49667

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the cp dump driver in Kernel. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SC9863A: All versions

T606: All versions

T612: All versions

T616: All versions

T610: All versions

T618: All versions

T760: All versions

T770: All versions

T820: All versions

S8000SC9863A: All versions

S8000: All versions

External links

http://www.unisoc.com/en_us/secy/announcementDetail/1754320321801945089

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.