SB2025120224 - Multiple vulnerabilities in Unisoc chipsets



SB2025120224 - Multiple vulnerabilities in Unisoc chipsets

Published: December 2, 2025

Security Bulletin ID SB2025120224
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 11
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 11 vulnerabilities.


1) Improper input validation (CVE-ID: CVE-2025-61610)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible system crash due to improper input validation within the nr modem in Modem. A remote attacker can perform a denial of service (DoS) attack.


2) Improper input validation (CVE-ID: CVE-2025-61609)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible system crash due to improper input validation within the modem in Modem. A remote attacker can perform a denial of service (DoS) attack.


3) Improper input validation (CVE-ID: CVE-2025-61608)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible system crash due to improper input validation within the nr modem in Modem. A remote attacker can perform a denial of service (DoS) attack.


4) Improper input validation (CVE-ID: CVE-2025-61607)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible system crash due to improper input validation within the nr modem in Modem. A remote attacker can perform a denial of service (DoS) attack.


5) Improper input validation (CVE-ID: CVE-2025-61619)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible system crash due to improper input validation within the nr modem in Modem. A remote attacker can perform a denial of service (DoS) attack.


6) Improper input validation (CVE-ID: CVE-2025-61618)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible system crash due to improper input validation within the nr modem in Modem. A remote attacker can perform a denial of service (DoS) attack.


7) Improper input validation (CVE-ID: CVE-2025-61617)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible system crash due to improper input validation within the nr modem in Modem. A remote attacker can perform a denial of service (DoS) attack.


8) Out-of-bounds read (CVE-ID: CVE-2025-3012)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible system crash due to null pointer dereference within the dpc modem in Modem. A remote attacker can perform a denial of service (DoS) attack.


9) Improper input validation (CVE-ID: CVE-2025-11133)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible system crash due to improper input validation within the nr modem in Modem. A remote attacker can perform a denial of service (DoS) attack.


10) Improper input validation (CVE-ID: CVE-2025-11131)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a possible system crash due to improper input validation within the nr modem in Modem. A remote attacker can perform a denial of service (DoS) attack.


11) Input validation error (CVE-ID: CVE-2025-11132)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in nr modem. A remote attacker can send specially crafted packets to the device and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.