Security Bulletin
- Security CVES
- High CVE-2022-20440,CVE-2022-20439,CVE-2022-20438,CVE-2022-20437,CVE-2022-20436,CVE-2022-20435,CVE-2022-20434,CVE-2022-20433,CVE-2022-20432,CVE-2022-20431,CVE-2022-20430,CVE-2022-39119
- CVE ID CVE-2022-20440
- Title Denial of service in Messaging service
- Description
In Messaging, There has unauthorized broadcast, this could cause Local Deny of Service
- Technology Area Android
- Vulnerability Type CWE-862 Missing Authorization
- Access Vector Local
- CVSS Rating High
- CVSS Score 7.3
- CVSS String CVSS:3.1, AV:N, AC:L, PR:N, UI:N, S:U, C:L, I:L, A:L
- Affected Chipsets*
SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
- Affected Software Versions
Android10/Android11/Android12
- CVE ID CVE-2022-20439
- Title Denial of service in Messaging service
- Description
In Messaging, There has unauthorized provider, this could cause Local Deny of Service.
- Technology Area Android
- Vulnerability Type CWE-862 Missing Authorization
- Access Vector Local
- CVSS Rating High
- CVSS Score 7.3
- CVSS String CVSS:3.1, AV:N, AC:L, PR:N, UI:N, S:U, C:L, I:L, A:L
- Affected Chipsets*
SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
- Affected Software Versions
Android10/Android11/Android12
- CVE ID CVE-2022-20438
- Title Denial of service in Messaging service
- Description
In Messaging, There has unauthorized broadcast, this could cause Local Deny of Service
- Technology Area Android
- Vulnerability Type CWE-862 Missing Authorization
- Access Vector Local
- CVSS Rating High
- CVSS Score 7.3
- CVSS String CVSS:3.1, AV:N, AC:L, PR:N, UI:N, S:U, C:L, I:L, A:L
- Affected Chipsets*
SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
- Affected Software Versions
Android10/Android11/Android12
- CVE ID CVE-2022-20437
- Title Denial of service in Messaging service
- Description
In Messaging, There has unauthorized broadcast, this could cause Local Deny of Service
- Technology Area Android
- Vulnerability Type CWE-862 Missing Authorization
- Access Vector Local
- CVSS Rating High
- CVSS Score 7.3
- CVSS String CVSS:3.1, AV:N, AC:L, PR:N, UI:N, S:U, C:L, I:L, A:L
- Affected Chipsets*
SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
- Affected Software Versions
Android10/Android11/Android12
- CVE ID CVE-2022-20436
- Title Elevation of privilege in Settings service
- Description
There is an unauthorized service in the system service. Since the component does not have permission check, resulting in Local Elevation of privilege
- Technology Area Android
- Vulnerability Type CWE-862 Missing Authorization
- Access Vector Local
- CVSS Rating High
- CVSS Score 7.3
- CVSS String CVSS:3.1, AV:N, AC:L, PR:N, UI:N, S:U, C:L, I:L, A:L
- Affected Chipsets*
SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
- Affected Software Versions
Android10/Android11/Android12
- CVE ID CVE-2022-20435
- Title Elevation of privilege in Settings service
- Description
There is a Unauthorized service in the system service, may cause the system reboot. Since the component does not have permission check and permission protection, resulting in EoP problem
- Technology Area Android
- Vulnerability Type CWE-862 Missing Authorization
- Access Vector Local
- CVSS Rating High
- CVSS Score 7.3
- CVSS String High
- Affected Chipsets*
SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
- Affected Software Versions
Android10/Android11/Android12
- CVE ID CVE-2022-20434
- Title Elevation of privilege in telephony service
- Description
There is an missing authorization issue in the system service. Since the component does not have permission check , resulting in Local Elevation of privilege
- Technology Area Android
- Vulnerability Type CWE-862 Missing Authorization
- Access Vector Local
- CVSS Rating High
- CVSS Score 7.3
- CVSS String CVSS:3.1, AV:N, AC:L, PR:N, UI:N, S:U, C:L, I:L, A:L
- Affected Chipsets*
SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
- Affected Software Versions
Android10/Android11/Android12
- CVE ID CVE-2022-20433
- Title Elevation of privilege in telephony service
- Description
There is an missing authorization issue in the system service. Since the component does not have permission check , resulting in Local Elevation of privilege
- Technology Area Android
- Vulnerability Type CWE-862 Missing Authorization
- Access Vector Local
- CVSS Rating High
- CVSS Score 7.3
- CVSS String CVSS:3.1, AV:N, AC:L, PR:N, UI:N, S:U, C:L, I:L, A:L
- Affected Chipsets*
SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
- Affected Software Versions
Android10/Android11/Android12
- CVE ID CVE-2022-20432
- Title Elevation of privilege in telephony service
- Description
There is an missing authorization issue in the system service. Since the component does not have permission check , resulting in Local Elevation of privilege
- Technology Area Android
- Vulnerability Type CWE-862 Missing Authorization
- Access Vector Local
- CVSS Rating High
- CVSS Score 7.3
- CVSS String CVSS:3.1, AV:N, AC:L, PR:N, UI:N, S:U, C:L, I:L, A:L
- Affected Chipsets*
SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
- Affected Software Versions
Android10/Android11/Android12
- CVE ID CVE-2022-20431
- Title Elevation of privilege in telephony service
- Description
There is an missing authorization issue in the system service. Since the component does not have permission check , resulting in Local Elevation of privilege
- Technology Area Android
- Vulnerability Type CWE-862 Missing Authorization
- Access Vector Local
- CVSS Rating High
- CVSS Score 7.3
- CVSS String CVSS:3.1, AV:N, AC:L, PR:N, UI:N, S:U, C:L, I:L, A:L
- Affected Chipsets*
SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
- Affected Software Versions
Android10/Android11/Android12
- CVE ID CVE-2022-20430
- Title Elevation of privilege in telephony service
- Description
There is an missing authorization issue in the system service. Since the component does not have permission check , resulting in Local Elevation of privilege
- Technology Area Android
- Vulnerability Type CWE-862 Missing Authorization
- Access Vector Local
- CVSS Rating High
- CVSS Score 7.3
- CVSS String CVSS:3.1, AV:N, AC:L, PR:N, UI:N, S:U, C:L, I:L, A:L
- Affected Chipsets*
CVSS:3.1, SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
- Affected Software Versions
Android10/Android11/Android12
- CVE ID CVE-2022-39119
- Title Elevation of privilege in network service
- Description
In network service, there is aIn network service, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. A10:PATCH01049097, A11: PATCH01049113, A12: PATCH01049126
- Technology Area Android
- Vulnerability Type CWE-862 Missing Authorization
- Access Vector Local
- CVSS Rating High
- CVSS Score 7.2
- CVSS String CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
- Affected Chipsets*
SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
- Affected Software Versions
Android10/Android11/Android12
*The list of affected chipsets may not be complete. For latest information, device OEMs can contact directly at https://unisupport.unisoc.com
- Abbreviation Interpretation
- RCE Remote Code Execution
- EoP Elevation of Privilege
- ID Information Disclosure
- DoS Denial of Service
- N/A Classification not available
- Version Date Description
- 1.0 2022-10-05