Security Bulletin
- Security CVES
- High CVE-2023-49668,CVE-2023-49667
- Medium CVE-2023-49672,CVE-2023-49671,CVE-2023-49670,CVE-2023-49669
- CVE ID CVE-2023-49672
- Title Use After Free in ion driver
- Description
In ion driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed.
- Technology Area Kernel
- Vulnerability Type CWE-416 Use After Free
- Access Vector Local
- CVSS Rating Medium
- CVSS Score 6.2
- CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Affected Chipsets*
SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
- Affected Software Versions
Android12/Android13
- CVE ID CVE-2023-49671
- Title Improper Input Validation in ion driver
- Description
In sprd_ion driver, there is a possible improper input validation. This could lead to local denial of service with System execution privileges needed.
- Technology Area Kernel
- Vulnerability Type CWE-20 Improper Input Validation
- Access Vector Local
- CVSS Rating Medium
- CVSS Score 6.2
- CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Affected Chipsets*
SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
- Affected Software Versions
Android12/Android13
- CVE ID CVE-2023-49670
- Title Out-of-bounds Write in cp_dump driver
- Description
In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
- Technology Area Kernel
- Vulnerability Type CWE-787 Out-of-bounds Write
- Access Vector Local
- CVSS Rating Medium
- CVSS Score 6.2
- CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Affected Chipsets*
SC9863A/T606/T612/T616/T610/T618/T760/T770/T820/S8000
- Affected Software Versions
Android12/Android13
- CVE ID CVE-2023-49669
- Title Out-of-bounds Write in cp_dump driver
- Description
In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
- Technology Area Kernel
- Vulnerability Type CWE-787 Out-of-bounds Write
- Access Vector Local
- CVSS Rating Medium
- CVSS Score 6.2
- CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Affected Chipsets*
SC9863A/T606/T612/T616/T610/T618/T760/T770/T820/S8000
- Affected Software Versions
Android12/Android13
- CVE ID CVE-2023-49668
- Title Out-of-bounds Read in cp_dump driver
- Description
In cp_dump driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
- Technology Area Kernel
- Vulnerability Type CWE-125 Out-of-bounds Read
- Access Vector Local
- CVSS Rating High
- CVSS Score 8.4
- CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Affected Chipsets*
SC9863A/T606/T612/T616/T610/T618/T760/T770/T820/S8000
- Affected Software Versions
Android12/Android13
- CVE ID CVE-2023-49667
- Title Buffer Over-read in cp dump driver
- Description
In cp dump driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.
- Technology Area Kernel
- Vulnerability Type CWE-126 Buffer Over-read
- Access Vector Local
- CVSS Rating High
- CVSS Score 8.4
- CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Affected Chipsets*
SC9863A/T606/T612/T616/T610/T618/T760/T770/T820/S8000SC9863A/T606/T612/T616/T610/T618/T760/T770/T820/S8000
- Affected Software Versions
Android12/Android13
*The list of affected chipsets may not be complete. For latest information, device OEMs can contact directly at https://unisupport.unisoc.com
- Abbreviation Interpretation
- RCE Remote Code Execution
- EoP Elevation of Privilege
- ID Information Disclosure
- DoS Denial of Service
- N/A Classification not available
- Version Date Description
- 1.0 2024-02-05