SB2023030641 - Multiple vulnerabilities in Unisoc chipsets
Published: March 6, 2023
Description
This security bulletin contains information about 24 security vulnerabilities.
1) Missing Authorization (CVE-ID: CVE-2022-47484)
The vulnerability allows a local application to manipulate data.
The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can manipulate data.
2) Out-of-bounds write (CVE-ID: CVE-2022-47459)
The vulnerability allows a local application to read, manipulate or delete data.
The vulnerability exists due to a possible missing parameter check within the wlan driver in the kernel. A local application can read, manipulate or delete data.
3) Missing Authorization (CVE-ID: CVE-2022-47462)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to a missing permission check within the telephone service in Android. A remote attacker can trick the victim into opening a specially crafted file and execute arbitrary code.
4) Information Exposure (CVE-ID: CVE-2022-47461)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.
5) Use After Free (CVE-ID: CVE-2022-47460)
The vulnerability allows a local application to damage or delete data.
The vulnerability exists due to memory corruption caused by a use after free within the gpu device in the kernel. A local application can damage or delete data.
6) Out-of-bounds read (CVE-ID: CVE-2022-47458)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a possible missing parameter check within the fm driver in the kernel. A local application can read and manipulate data.
7) Out-of-bounds write (CVE-ID: CVE-2022-47457)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a possible missing parameter check within the fm driver in the kernel. A local application can read and manipulate data.
8) Buffer over-read (CVE-ID: CVE-2022-47456)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible missing parameter check within the wlan driver in the kernel. A local application can perform a denial of service (DoS) attack.
9) Buffer over-read (CVE-ID: CVE-2022-47455)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible missing parameter check within the wlan driver in the kernel. A local application can perform a denial of service (DoS) attack.
10) Integer overflow (CVE-ID: CVE-2022-47454)
The vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible missing parameter check within the wlan driver in the kernel. A local privileged application can read and manipulate data.
11) Memory corruption (CVE-ID: CVE-2022-47453)
The vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible missing parameter check within the wcn service in the kernel. A local privileged application can read and manipulate data.
12) Missing Authorization (CVE-ID: CVE-2022-47483)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.
13) Information Exposure (CVE-ID: CVE-2022-47472)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the setting service in Android. A local application can read and manipulate data.
14) Missing Authorization (CVE-ID: CVE-2022-47482)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.
15) Missing Authorization (CVE-ID: CVE-2022-47481)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.
16) Missing Authorization (CVE-ID: CVE-2022-47480)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.
17) Information Exposure (CVE-ID: CVE-2022-47479)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.
18) Information Exposure (CVE-ID: CVE-2022-47478)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.
19) Information Exposure (CVE-ID: CVE-2022-47477)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.
20) Information Exposure (CVE-ID: CVE-2022-47476)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.
21) Information Exposure (CVE-ID: CVE-2022-47475)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.
22) Information Exposure (CVE-ID: CVE-2022-47474)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.
23) Information Exposure (CVE-ID: CVE-2022-47471)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.
24) Information Exposure (CVE-ID: CVE-2022-47473)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the telephone service in Android. A local application can read and manipulate data.
Remediation
Install the update from the vendor's website.