Security Bulletin
Summary
- Security CVES
- Medium CVE-2024-39442
Minutia
- CVE ID CVE-2024-39442
- Title Missing Authorization in sprd ssense service
- Description
In sprd ssense service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- Technology Area Android
- Vulnerability Type CWE-862 Missing Authorization
- Access Vector Local
- CVSS Rating Medium
- CVSS Score 6.2
- CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Affected Chipsets*
SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T750/T765/T760/T770/T820/S8000/T8300/T9300
- Affected Software Versions
Android13/Android14/Android15
*The list of affected chipsets may not be complete. For latest information, device OEMs can contact directly at https://unisupport.unisoc.com
Vulnerability type definition
- Abbreviation Interpretation
- RCE Remote Code Execution
- EoP Elevation of Privilege
- ID Information Disclosure
- DoS Denial of Service
- N/A Classification not available
Version
- Version Date Description
- 1.0 2025-05-30