Security Bulletin

Summary
  • Security CVES
  • Medium CVE-2024-23658,CVE-2023-52352,CVE-2023-52351,CVE-2023-52350,CVE-2023-52349,CVE-2023-52348,CVE-2023-52347,CVE-2023-52346,CVE-2023-52345,CVE-2023-52344,CVE-2023-52343,CVE-2023-52342,CVE-2023-52341
Minutia
  • CVE ID CVE-2024-23658
  • Title Use After Free in camera driver
  • Description

    In camera driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed.

  • Technology Area Kernel
  • Vulnerability Type cwe-416 Use After Free
  • Access Vector Local
  • CVSS Rating Medium
  • CVSS Score 6.2
  • CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Affected Chipsets*

    SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000

  • Affected Software Versions

    Android12/Android13/Android14

  • CVE ID CVE-2023-52352
  • Title Missing Authorization in Network Adapter Service
  • Description

    In Network Adapter Service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges needed.

  • Technology Area Android
  • Vulnerability Type cwe-862 Missing Authorization
  • Access Vector Local
  • CVSS Rating Medium
  • CVSS Score 6.3
  • CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
  • Affected Chipsets*

    SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000

  • Affected Software Versions

    Android13/Android14

  • CVE ID CVE-2023-52351
  • Title Out-of-bounds Write in ril service
  • Description

    In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

  • Technology Area Android
  • Vulnerability Type CWE-787 Out-of-bounds Write
  • Access Vector Local
  • CVSS Rating Medium
  • CVSS Score 5.5
  • CVSS String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • Affected Chipsets*

    SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000

  • Affected Software Versions

    Android12/Android13/Android14

  • CVE ID CVE-2023-52350
  • Title Out-of-bounds Write in ril service
  • Description

    In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

  • Technology Area Android
  • Vulnerability Type CWE-787 Out-of-bounds Write
  • Access Vector Local
  • CVSS Rating Medium
  • CVSS Score 5.5
  • CVSS String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • Affected Chipsets*

    SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000

  • Affected Software Versions

    Android12/Android13/Android14

  • CVE ID CVE-2023-52349
  • Title Out-of-bounds Write in ril service
  • Description

    In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

  • Technology Area Android
  • Vulnerability Type CWE-787 Out-of-bounds Write
  • Access Vector Local
  • CVSS Rating Medium
  • CVSS Score 5.5
  • CVSS String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • Affected Chipsets*

    SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000

  • Affected Software Versions

    Android12/Android13/Android14

  • CVE ID CVE-2023-52348
  • Title Out-of-bounds Write in ril service
  • Description

    In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

  • Technology Area Android
  • Vulnerability Type CWE-787 Out-of-bounds Write
  • Access Vector Local
  • CVSS Rating Medium
  • CVSS Score 5.5
  • CVSS String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • Affected Chipsets*

    SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000

  • Affected Software Versions

    Android12/Android13/Android14

  • CVE ID CVE-2023-52347
  • Title Out-of-bounds Write in ril service
  • Description

    In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

  • Technology Area Android
  • Vulnerability Type CWE-787 Out-of-bounds Write
  • Access Vector Local
  • CVSS Rating Medium
  • CVSS Score 5.5
  • CVSS String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • Affected Chipsets*

    SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000

  • Affected Software Versions

    Android12/Android13/Android14

  • CVE ID CVE-2023-52346
  • Title Out-of-bounds Read in modem driver
  • Description

    In modem driver, there is a possible system crash due to improper input validation. This could lead to local information disclosure with System execution privileges needed.

  • Technology Area Kernel
  • Vulnerability Type CWE-125 Out-of-bounds Read
  • Access Vector Local
  • CVSS Rating Medium
  • CVSS Score 6.2
  • CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Affected Chipsets*

    SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000

  • Affected Software Versions

    Android12/Android13/Android14

  • CVE ID CVE-2023-52345
  • Title Improper Input Validation in modem driver
  • Description

    In modem driver, there is a possible system crash due to improper input validation. This could lead to local information disclosure with System execution privileges needed.

  • Technology Area Kernel
  • Vulnerability Type CWE-20 Improper Input Validation
  • Access Vector Local
  • CVSS Rating Medium
  • CVSS Score 6.2
  • CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Affected Chipsets*

    SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000

  • Affected Software Versions

    Android12/Android13/Android14

  • CVE ID CVE-2023-52344
  • Title Unchecked Error Condition in modem-ps-nas-ngmm
  • Description

    In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed.

  • Technology Area Modem
  • Vulnerability Type CWE-391 Unchecked Error Condition
  • Access Vector Network
  • CVSS Rating Medium
  • CVSS Score 5.8
  • CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
  • Affected Chipsets*

    T760/T770/T820/S8000

  • Affected Software Versions

    Android12/Android13/Android14

  • CVE ID CVE-2023-52343
  • Title Improper Input Validation in SecurityCommand message after as security has been actived.
  • Description

    In SecurityCommand message after as security has been actived, there is a possible improper input validation. This could lead to remote information disclosure no additional execution privileges needed

  • Technology Area Network
  • Vulnerability Type CWE-20 Improper Input Validation
  • Access Vector Network
  • CVSS Rating Medium
  • CVSS Score 5.5
  • CVSS String CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:L
  • Affected Chipsets*

    T760/T770/T820/S8000

  • Affected Software Versions

    Android12/Android13/Android14

  • CVE ID CVE-2023-52342
  • Title Unchecked Error Condition in modem-ps-nas-ngmm
  • Description

    In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed.

  • Technology Area Modem
  • Vulnerability Type CWE-391 Unchecked Error Condition
  • Access Vector Network
  • CVSS Rating Medium
  • CVSS Score 5.3
  • CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • Affected Chipsets*

    T760/T770/T820/S8000

  • Affected Software Versions

    Android12/Android13/Android14

  • CVE ID CVE-2023-52341
  • Title Improper Handling of Missing Values,in Plaintext COUNTER CHECK message accepted before AS security activation
  • Description

    In Plaintext COUNTER CHECK message accepted before AS security activation, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed.

  • Technology Area Modem
  • Vulnerability Type cwe-230 Improper Handling of Missing Values
  • Access Vector Network
  • CVSS Rating Medium
  • CVSS Score 5.4
  • CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
  • Affected Chipsets*

    T760/T770/T820/S8000

  • Affected Software Versions

    Android12/Android13

*The list of affected chipsets may not be complete. For latest information, device OEMs can contact directly at https://unisupport.unisoc.com

Vulnerability type definition
  • Abbreviation Interpretation
  • RCE Remote Code Execution
  • EoP Elevation of Privilege
  • ID Information Disclosure
  • DoS Denial of Service
  • N/A Classification not available
Version
  • Version Date Description
  • 1.0 2024-03-01