Security Bulletin

Summary
  • Security CVES
  • Medium CVE-2025-31712,CVE-2025-31711,CVE-2025-31710
Minutia
  • CVE ID CVE-2025-31712
  • Title Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in cplog service
  • Description

    In cplog service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.

  • Technology Area Android
  • Vulnerability Type CWE-120 Buffer Copy without Checking Size of Input
  • Access Vector Local
  • CVSS Rating Medium
  • CVSS Score 5.1
  • CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
  • Affected Chipsets*

    SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T750/T765/T760/T770/T820/S8000/T8300/T9300

  • Affected Software Versions

    Android13/Android14/Android15

  • CVE ID CVE-2025-31711
  • Title NULL Pointer Dereference in cplog service
  • Description

    In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed.

  • Technology Area Android
  • Vulnerability Type CWE-476 NULL Pointer Dereference
  • Access Vector Local
  • CVSS Rating Medium
  • CVSS Score 5.1
  • CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
  • Affected Chipsets*

    SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T750/T765/T760/T770/T820/S8000/T8300/T9300

  • Affected Software Versions

    Android13/Android14/Android15

  • CVE ID CVE-2025-31710
  • Title Improper Neutralization of Special Elements used in a Command ('Command Injection') in engineermode service
  • Description

    In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.

  • Technology Area Android
  • Vulnerability Type CWE-77 Improper Neutralization of Special Elements used in a Com
  • Access Vector Local
  • CVSS Rating Medium
  • CVSS Score 5.9
  • CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  • Affected Chipsets*

    SC9863A/T606/T612/T616/T750/T765/T760/T770/T820/S8000/T8300/T9300

  • Affected Software Versions

    Android13/Android14/Android15

*The list of affected chipsets may not be complete. For latest information, device OEMs can contact directly at https://unisupport.unisoc.com

Vulnerability type definition
  • Abbreviation Interpretation
  • RCE Remote Code Execution
  • EoP Elevation of Privilege
  • ID Information Disclosure
  • DoS Denial of Service
  • N/A Classification not available
Version
  • Version Date Description
  • 1.0 2025-06-30