Multiple vulnerabilities in Unisoc chipsets
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2024-39430 CVE-2024-39429 CVE-2024-39428 CVE-2024-39427 |
| CWE-ID | CWE-787 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
SC7731E Mobile applications / Mobile firmware & hardware SC9832E Mobile applications / Mobile firmware & hardware SC9863A Mobile applications / Mobile firmware & hardware T310 Mobile applications / Mobile firmware & hardware T606 Mobile applications / Mobile firmware & hardware T612 Mobile applications / Mobile firmware & hardware T616 Mobile applications / Mobile firmware & hardware T610 Mobile applications / Mobile firmware & hardware T618 Mobile applications / Mobile firmware & hardware T760 Mobile applications / Mobile firmware & hardware T770 Mobile applications / Mobile firmware & hardware T820 Mobile applications / Mobile firmware & hardware S8000 Mobile applications / Mobile firmware & hardware |
| Vendor | UNISOC |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Out-of-bounds write
EUVDB-ID: #VU93562
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39430
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the faceid servive in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
CPE2.3- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
http://www.unisoc.com/en_us/secy/announcementDetail/1807576926177525762
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds write
EUVDB-ID: #VU93563
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39429
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the faceid servive in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
CPE2.3- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
http://www.unisoc.com/en_us/secy/announcementDetail/1807576926177525762
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds write
EUVDB-ID: #VU93564
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39428
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local application to damange or delete data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the trusty service in Android. A local application can damange or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
http://www.unisoc.com/en_us/secy/announcementDetail/1807576926177525762
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds write
EUVDB-ID: #VU93565
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39427
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local application to manipulate or delete data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the trusty service in Android. A local application can manipulate or delete data.
MitigationInstall security update from vendor's website.
Vulnerable software versionsSC7731E: All versions
SC9832E: All versions
SC9863A: All versions
T310: All versions
T606: All versions
T612: All versions
T616: All versions
T610: All versions
T618: All versions
T760: All versions
T770: All versions
T820: All versions
S8000: All versions
CPE2.3- cpe:2.3:a:unisoc:sc7731e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9832e:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:sc9863a:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t310:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t606:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t612:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t616:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t610:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t618:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t760:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t770:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:t820:*:*:*:*:*:*:*:*
- cpe:2.3:a:unisoc:s8000:*:*:*:*:*:*:*:*
http://www.unisoc.com/en_us/secy/announcementDetail/1807576926177525762
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
