SB2023090401 - Multiple vulnerabilities in Unisoc chipsets
Published: September 4, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 43 secuirty vulnerabilities.
1) Missing Authorization (CVE-ID: CVE-2023-38465)
The vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local privileged application can gain access to sensitive information.
2) Information exposure (CVE-ID: CVE-2023-38457)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
3) Information exposure (CVE-ID: CVE-2023-38458)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
4) Information exposure (CVE-ID: CVE-2023-38459)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
5) Information exposure (CVE-ID: CVE-2023-38460)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
6) Information exposure (CVE-ID: CVE-2023-38461)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
7) Information exposure (CVE-ID: CVE-2023-38462)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
8) Information exposure (CVE-ID: CVE-2023-38463)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
9) Information exposure (CVE-ID: CVE-2023-38464)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
10) Missing Authorization (CVE-ID: CVE-2023-38466)
The vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local privileged application can gain access to sensitive information.
11) Information exposure (CVE-ID: CVE-2023-38455)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
12) Out-of-bounds write (CVE-ID: CVE-2023-38467)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the Android. A local privileged application can execute arbitrary code.
13) Out-of-bounds write (CVE-ID: CVE-2023-38468)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the Android. A local privileged application can execute arbitrary code.
14) Out-of-bounds write (CVE-ID: CVE-2023-38553)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the WCN. A local application can read and manipulate data.
15) Out-of-bounds write (CVE-ID: CVE-2023-38554)
The vulnerability allows a local privileged application to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the WCN. A local privileged application can perform a denial of service (DoS) attack.
16) Out-of-bounds read (CVE-ID: CVE-2022-47352)
The vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the Kernel. A local application can manipulate or delete data.
17) Missing Authorization (CVE-ID: CVE-2022-48452)
The vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the Android. A local application can manipulate or delete data.
18) Out-of-bounds write (CVE-ID: CVE-2022-48453)
The vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the Kernel. A local application can manipulate or delete data.
19) Improper Handling of Missing Values (CVE-ID: CVE-2023-33914)
The vulnerability allows a remote application to read, manipulate or delete data.
The vulnerability exists due to a possible missing verification incorrect input within the Security Mode Command in Modem. A remote application can read, manipulate or delete data.
20) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2023-33915)
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to a possible missing permission check within the Modem. A remote attacker can read and manipulate data.
21) Information exposure (CVE-ID: CVE-2023-38456)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
22) Information exposure (CVE-ID: CVE-2023-38454)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
23) Information exposure (CVE-ID: CVE-2023-33916)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
24) Information exposure (CVE-ID: CVE-2023-38442)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
25) Information exposure (CVE-ID: CVE-2023-33917)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
26) Information exposure (CVE-ID: CVE-2023-33918)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
27) Information exposure (CVE-ID: CVE-2023-38436)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
28) Information exposure (CVE-ID: CVE-2023-38437)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
29) Information exposure (CVE-ID: CVE-2023-38438)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
30) Information exposure (CVE-ID: CVE-2023-38439)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
31) Information exposure (CVE-ID: CVE-2023-38440)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
32) Information exposure (CVE-ID: CVE-2023-38441)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
33) Information exposure (CVE-ID: CVE-2023-38443)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
34) Information exposure (CVE-ID: CVE-2023-38453)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
35) Information exposure (CVE-ID: CVE-2023-38444)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
36) Information exposure (CVE-ID: CVE-2023-38445)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
37) Information exposure (CVE-ID: CVE-2023-38446)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
38) Information exposure (CVE-ID: CVE-2023-38447)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
39) Information exposure (CVE-ID: CVE-2023-38448)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
40) Information exposure (CVE-ID: CVE-2023-38449)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
41) Information exposure (CVE-ID: CVE-2023-38450)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
42) Information exposure (CVE-ID: CVE-2023-38451)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
43) Information exposure (CVE-ID: CVE-2023-38452)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the Android. A local application can gain access to sensitive information.
Remediation
Install update from vendor's website.