SB2024011521 - Multiple vulnerabilities in Unisoc chipsets
Published: January 15, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 21 secuirty vulnerabilities.
1) Out-of-bounds write (CVE-ID: CVE-2023-48340)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible out of bounds write due to improper input validation within the video decoder in Android. A remote attacker can perform a denial of service (DoS) attack.
2) Out-of-bounds write (CVE-ID: CVE-2023-48352)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the phasecheckserver in Android. A local application can execute arbitrary code.
3) Out-of-bounds write (CVE-ID: CVE-2023-48351)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the video decoder in Android. A remote attacker can perform a denial of service (DoS) attack.
4) Out-of-bounds write (CVE-ID: CVE-2023-48350)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the video decoder in Android. A remote attacker can perform a denial of service (DoS) attack.
5) Out-of-bounds write (CVE-ID: CVE-2023-48349)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the video decoder in Android. A remote attacker can perform a denial of service (DoS) attack.
6) Out-of-bounds write (CVE-ID: CVE-2023-48348)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible out of bounds write due to improper input validation within the video decoder in Android. A remote attacker can perform a denial of service (DoS) attack.
7) Buffer over-read (CVE-ID: CVE-2023-48344)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible out of bounds read due to improper input validation within the video decoder in Android. A remote attacker can perform a denial of service (DoS) attack.
8) Out-of-bounds write (CVE-ID: CVE-2023-48343)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible out of bounds write due to improper input validation within the video decoder in Android. A remote attacker can perform a denial of service (DoS) attack.
9) Out-of-bounds write (CVE-ID: CVE-2023-48342)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the media service in Android. A remote attacker can perform a denial of service (DoS) attack.
10) Out-of-bounds read (CVE-ID: CVE-2023-48341)
The vulnerability allows a remote attacker to access sensitive information or perform a denial of service (DoS) attack.
The vulnerability exists due to a possible out of bounds read due to improper input validation within the video decoder in Android. A remote attacker can access sensitive information or perform a denial of service (DoS) attack.
11) Out-of-bounds write (CVE-ID: CVE-2023-48359)
The vulnerability allows a local privileged application to damange or delete data.
The vulnerability exists due to a possible out of bounds write due to improper input validation within the autotest driver in Kernel. A local privileged application can damange or delete data.
12) Information exposure (CVE-ID: CVE-2023-48339)
The vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to a possible missing permission check within the jpg driver in Kernel. A local privileged application can gain access to sensitive information.
13) Out-of-bounds write (CVE-ID: CVE-2023-48358)
The vulnerability allows a local privileged application to damange or delete data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the drm driver in Kernel. A local privileged application can damange or delete data.
14) Out-of-bounds write (CVE-ID: CVE-2023-48357)
The vulnerability allows a local privileged application to damange or delete data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the vsp driver in Kernel. A local privileged application can damange or delete data.
15) Out-of-bounds write (CVE-ID: CVE-2023-48356)
The vulnerability allows a local application to damange or delete data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the jpg driver in Android. A local application can damange or delete data.
16) Out-of-bounds write (CVE-ID: CVE-2023-48355)
The vulnerability allows a local application to damange or delete data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the jpg driver in Android. A local application can damange or delete data.
17) Information exposure (CVE-ID: CVE-2023-48354)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a possible improper input validation within the telephone service in Android. A local application can gain access to sensitive information.
18) Use After Free (CVE-ID: CVE-2023-48353)
The vulnerability allows a local privileged application to access sensitive information or perform a denial of service (DoS) attack.
The vulnerability exists due to a possible use after free due to a logic error within the vsp driver in Kernel. A local privileged application can access sensitive information or perform a denial of service (DoS) attack.
19) Out-of-bounds read (CVE-ID: CVE-2023-48347)
The vulnerability allows a remote attacker to perform service disruption.
The vulnerability exists due to a possible out of bounds read due to improper input validation within the video decoder in Android. A remote attacker can perform service disruption.
20) Improper input validation (CVE-ID: CVE-2023-48346)
The vulnerability allows a remote attacker to perform service disruption.
The vulnerability exists due to a possible improper input validation within the video decoder in Android. A remote attacker can perform service disruption.
21) Out-of-bounds read (CVE-ID: CVE-2023-48345)
The vulnerability allows a remote attacker to manipulate or delete data.
The vulnerability exists due to a possible out of bounds read due to improper input validation within the video decoder in Android. A remote attacker can manipulate or delete data.
Remediation
Install update from vendor's website.