SB2023120418 - Multiple vulnerabilities in Unisoc chipsets
Published: December 4, 2023
Description
This security bulletin contains information about 90 security vulnerabilities.
1) Out-of-bounds write (CVE-ID: CVE-2023-42729)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the ril service in Android. A local privileged application can execute arbitrary code.
2) Information exposure (CVE-ID: CVE-2023-42733)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the telephony service in Android. A local application can gain access to sensitive information.
3) Information exposure (CVE-ID: CVE-2023-42732)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the telephony service in Android. A local application can gain access to sensitive information.
4) Buffer overflow (CVE-ID: CVE-2022-48464)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the wifi service in Android. A local privileged application can execute arbitrary code.
5) Buffer overflow (CVE-ID: CVE-2022-48463)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the wifi service in Android. A local privileged application can execute arbitrary code.
6) Buffer overflow (CVE-ID: CVE-2022-48462)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the wifi service in Android. A local privileged application can execute arbitrary code.
7) Buffer overflow (CVE-ID: CVE-2023-42751)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the gnss service in WCN. A local application can read and manipulate data.
8) Buffer overflow (CVE-ID: CVE-2023-42731)
The vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the Gnss service in Android. A local privileged application can read and manipulate data.
9) Information exposure (CVE-ID: CVE-2023-42730)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the IMS service in Android. A local application can gain access to sensitive information.
10) Out-of-bounds read (CVE-ID: CVE-2023-42728)
The vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the phasecheckserver in Android. A local application can manipulate or delete data.
11) Information exposure (CVE-ID: CVE-2023-42735)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the telephony service in Android. A local application can gain access to sensitive information.
12) Out-of-bounds write (CVE-ID: CVE-2023-42727)
The vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible out of bounds write due to an incorrect bounds check within the gpu driver in Kernel. A local privileged application can read and manipulate data.
13) Out-of-bounds read (CVE-ID: CVE-2023-42726)
The vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the TeleService in Android. A local privileged application can read and manipulate data.
14) Out-of-bounds read (CVE-ID: CVE-2023-42725)
The vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the gpu driver in Kernel. A local privileged application can read and manipulate data.
15) Out-of-bounds read (CVE-ID: CVE-2023-42724)
The vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the gpu driver in Kernel. A local privileged application can read and manipulate data.
16) Out-of-bounds read (CVE-ID: CVE-2023-42723)
The vulnerability allows a local application to manipulate data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the camera service in Android. A local application can manipulate data.
17) Memory corruption (CVE-ID: CVE-2023-42722)
The vulnerability allows a local application to manipulate data.
The vulnerability exists due to a possible use after free due to a logic error within the camera service in Android. A local application can manipulate data.
18) Memory corruption (CVE-ID: CVE-2023-42721)
The vulnerability allows a remote attacker to perform service disruption.
The vulnerability exists due to a possible missing verification of incorrect input within the flv extractor in Android. A remote attacker can perform service disruption.
19) Out-of-bounds read (CVE-ID: CVE-2023-42720)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the video service in Android. A remote attacker can gain access to sensitive information.
20) Out-of-bounds read (CVE-ID: CVE-2023-42719)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a possible out of bounds read due to an incorrect bounds check within the video service in Android. A remote attacker can gain access to sensitive information.
21) Information exposure (CVE-ID: CVE-2023-42734)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the telephony service in Android. A local application can gain access to sensitive information.
22) Missing Authorization (CVE-ID: CVE-2023-42736)
The vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the telecom service in Android. A local application can manipulate or delete data.
23) Information exposure (CVE-ID: CVE-2023-42717)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the telephony service in Android. A local application can gain access to sensitive information.
24) Missing Authorization (CVE-ID: CVE-2023-42748)
The vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the telecom service in Android. A local application can manipulate or delete data.
25) Stack-based buffer overflow (CVE-ID: CVE-2022-48461)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the sensor driver in Kernel. A local application can execute arbitrary code.
26) Incorrect Permission Assignment for Critical Resource (CVE-ID: CVE-2022-48459)
The vulnerability allows a local application to crash the entire system.
The vulnerability exists due to a possible system crash due to improper input validation within the TeleService in Android. A local application can crash the entire system.
27) Incorrect Permission Assignment for Critical Resource (CVE-ID: CVE-2022-48458)
The vulnerability allows a local application to crash the entire system.
The vulnerability exists due to a possible system crash due to improper input validation within the TeleService in Android. A local application can crash the entire system.
28) Incorrect Permission Assignment for Critical Resource (CVE-ID: CVE-2022-48457)
The vulnerability allows a local application to crash the entire system.
The vulnerability exists due to a possible system crash due to improper input validation within the TeleService in Android. A local application can crash the entire system.
29) Memory corruption (CVE-ID: CVE-2022-48456)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to an incorrect bounds check within the camera driver in Kernel. A local application can execute arbitrary code.
30) Buffer overflow (CVE-ID: CVE-2022-48455)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the wifi service in Android. A local application can execute arbitrary code.
31) Buffer overflow (CVE-ID: CVE-2022-48454)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the wifi service in Android. A local application can execute arbitrary code.
32) Information exposure (CVE-ID: CVE-2023-42749)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the engineermode service in Android. A local application can gain access to sensitive information.
33) Missing Authorization (CVE-ID: CVE-2023-42747)
The vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the camera service in Android. A local application can manipulate or delete data.
34) Information exposure (CVE-ID: CVE-2023-42737)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the telecom service in Android. A local application can gain access to sensitive information.
35) Missing Authorization (CVE-ID: CVE-2023-42746)
The vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the power manager in Android. A local application can manipulate or delete data.
36) Missing Authorization (CVE-ID: CVE-2023-42745)
The vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the telecom service in Android. A local application can manipulate or delete data.
37) Missing Authorization (CVE-ID: CVE-2023-42744)
The vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the telecom service in Android. A local application can manipulate or delete data.
38) Missing Authorization (CVE-ID: CVE-2023-42743)
The vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the telecom service in Android. A local application can manipulate or delete data.
39) Missing Authorization (CVE-ID: CVE-2023-42742)
The vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the sysui in Android. A local application can manipulate or delete data.
40) Information exposure (CVE-ID: CVE-2023-42741)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the telecom service in Android. A local application can gain access to sensitive information.
41) Missing Authorization (CVE-ID: CVE-2023-42740)
The vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the telecom service in Android. A local application can manipulate or delete data.
42) Information exposure (CVE-ID: CVE-2023-42739)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the engineermode service in Android. A local application can gain access to sensitive information.
43) Missing Authorization (CVE-ID: CVE-2023-42738)
The vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the telecom service in Android. A local application can manipulate or delete data.
44) Information exposure (CVE-ID: CVE-2023-42718)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the dialer in Android. A local application can gain access to sensitive information.
45) Information exposure (CVE-ID: CVE-2023-42716)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the telephony service in Android. A local application can gain access to sensitive information.
46) Information exposure (CVE-ID: CVE-2023-42671)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
47) Buffer overflow (CVE-ID: CVE-2023-42682)
The vulnerability allows a local privileged application to damage or delete data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the gsp driver in Kernel. A local privileged application can damage or delete data.
48) Missing Authorization (CVE-ID: CVE-2023-42690)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can perform service disruption.
49) Missing Authorization (CVE-ID: CVE-2023-42689)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can perform service disruption.
50) Missing Authorization (CVE-ID: CVE-2023-42688)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can perform service disruption.
51) Missing Authorization (CVE-ID: CVE-2023-42687)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can gain access to sensitive information.
52) Missing Authorization (CVE-ID: CVE-2023-42686)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can perform service disruption.
53) Missing Authorization (CVE-ID: CVE-2023-42685)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can perform service disruption.
54) Out-of-bounds read (CVE-ID: CVE-2023-42684)
The vulnerability allows a local privileged application to damage or delete data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the gsp driver in Kernel. A local privileged application can damage or delete data.
55) Out-of-bounds read (CVE-ID: CVE-2023-42683)
The vulnerability allows a local privileged application to damage or delete data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the gsp driver in Kernel. A local privileged application can damage or delete data.
56) Missing Authorization (CVE-ID: CVE-2023-42681)
The vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible missing permission check within the ion service in Android. A local application can manipulate or delete data.
57) Missing Authorization (CVE-ID: CVE-2023-42692)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can gain access to sensitive information.
58) Out-of-bounds read (CVE-ID: CVE-2023-42680)
The vulnerability allows a local privileged application to damage or delete data.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the gpu driver in Kernel. A local privileged application can damage or delete data.
59) Out-of-bounds write (CVE-ID: CVE-2023-42679)
The vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the gpu driver in Android. A local privileged application can read and manipulate data.
60) Information exposure (CVE-ID: CVE-2023-42678)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
61) Information exposure (CVE-ID: CVE-2023-42677)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
62) Information exposure (CVE-ID: CVE-2023-42676)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
63) Information exposure (CVE-ID: CVE-2023-42675)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
64) Information exposure (CVE-ID: CVE-2023-42674)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
65) Information exposure (CVE-ID: CVE-2023-42673)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
66) Information exposure (CVE-ID: CVE-2023-42672)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
67) Missing Authorization (CVE-ID: CVE-2023-42691)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can gain access to sensitive information.
68) Missing Authorization (CVE-ID: CVE-2023-42693)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can perform service disruption.
69) Information exposure (CVE-ID: CVE-2023-42715)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the telephony service in Android. A local application can gain access to sensitive information.
70) Information exposure (CVE-ID: CVE-2023-42705)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
71) Information exposure (CVE-ID: CVE-2023-42714)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
72) Information exposure (CVE-ID: CVE-2023-42713)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
73) Information exposure (CVE-ID: CVE-2023-42712)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
74) Information exposure (CVE-ID: CVE-2023-42711)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
75) Information exposure (CVE-ID: CVE-2023-42710)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
76) Information exposure (CVE-ID: CVE-2023-42709)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
77) Information exposure (CVE-ID: CVE-2023-42708)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
78) Information exposure (CVE-ID: CVE-2023-42707)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
79) Information exposure (CVE-ID: CVE-2023-42706)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
80) Information exposure (CVE-ID: CVE-2023-42704)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the imsservice in Android. A local application can gain access to sensitive information.
81) Missing Authorization (CVE-ID: CVE-2023-42694)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can perform service disruption.
82) Information exposure (CVE-ID: CVE-2023-42703)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
83) Information exposure (CVE-ID: CVE-2023-42702)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
84) Information exposure (CVE-ID: CVE-2023-42701)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
85) Information exposure (CVE-ID: CVE-2023-42700)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the firewall service in Android. A local application can gain access to sensitive information.
86) Information exposure (CVE-ID: CVE-2023-42699)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the omacp service in Android. A local application can gain access to sensitive information.
87) Information exposure (CVE-ID: CVE-2023-42698)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the omacp service in Android. A local application can gain access to sensitive information.
88) Information exposure (CVE-ID: CVE-2023-42697)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible way to write permission usage records of an app due to a missing permission check within the omacp service in Android. A local application can gain access to sensitive information.
89) Missing Authorization (CVE-ID: CVE-2023-42696)
The vulnerability allows a remote attacker to crash the entire system.
The vulnerability exists due to a possible missing permission check within the telecom service in Android. A remote attacker can trick the victim into opening a specially crafted file and crash the entire system.
90) Missing Authorization (CVE-ID: CVE-2023-42695)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the wifi service in Android. A local application can gain access to sensitive information.
Remediation
Install the update from the vendor's website.