CVE-2022-38672: CWE-121 Stack-based Buffer Overflow in Unisoc (Shanghai) Technologies Co., Ltd. SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
AI Analysis
Technical Summary
CVE-2022-38672 is a medium severity stack-based buffer overflow vulnerability (CWE-121) found in the face detect driver of several Unisoc (Shanghai) Technologies Co., Ltd. chipsets, including SC9863A, SC9832E, SC7731E, and multiple T-series models such as T610, T310, T606, T760, T618, T612, T616, T770, T820, and S8000. These chipsets are integrated into devices running Android versions 10, 11, and 12. The vulnerability arises due to a missing bounds check in the face detection driver, which can lead to an out-of-bounds write on the stack. This flaw can be exploited locally by an attacker with low privileges (PR:L) without requiring user interaction (UI:N). Successful exploitation results in a denial of service (DoS) condition at the kernel level, causing system instability or crashes. The CVSS v3.1 base score is 5.5, reflecting a medium severity level, with an attack vector limited to local access and low attack complexity. There are no known exploits in the wild, and no patches have been explicitly linked in the provided information. The vulnerability does not impact confidentiality or integrity but affects availability due to potential kernel crashes. Given the nature of the flaw, exploitation requires local code execution capabilities or access to the vulnerable driver interface, which may be possible through malicious applications or compromised processes on affected devices.
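To illustrate the bug class described above (a caller-supplied length used to fill a fixed-size stack array without a bounds check), the following is an added user-space C example. It is not the Unisoc driver code, which this page does not show; `fd_request`, `fd_region`, `FD_MAX_REGIONS` and both handler names are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FD_MAX_REGIONS 8            /* hypothetical capacity of the stack array */

struct fd_region { uint16_t x, y, w, h; };

/* Hypothetical request: both fields are chosen by the unprivileged caller. */
struct fd_request {
    uint32_t count;
    const struct fd_region *regions;
};

static long total_area(const struct fd_region *r, uint32_t n)
{
    long area = 0;
    for (uint32_t i = 0; i < n; i++)
        area += (long)r[i].w * r[i].h;
    return area;
}

/* Missing bounds check: count > FD_MAX_REGIONS writes past local[] on the stack. */
long fd_handle_unchecked(const struct fd_request *req)
{
    struct fd_region local[FD_MAX_REGIONS];
    memcpy(local, req->regions, (size_t)req->count * sizeof(local[0]));
    return total_area(local, req->count);
}

/* Same handler with the length validated before anything is copied. */
long fd_handle_checked(const struct fd_request *req)
{
    struct fd_region local[FD_MAX_REGIONS];

    if (req == NULL || req->regions == NULL)
        return -EINVAL;
    if (req->count == 0 || req->count > FD_MAX_REGIONS)
        return -EINVAL;             /* reject before touching the stack buffer */
    memcpy(local, req->regions, (size_t)req->count * sizeof(local[0]));
    return total_area(local, req->count);
}

int main(void)
{
    struct fd_region in[FD_MAX_REGIONS + 4] = { {0, 0, 10, 20}, {5, 5, 3, 4} };
    struct fd_request ok  = { 2, in };                   /* constructed valid request */
    struct fd_request bad = { FD_MAX_REGIONS + 4, in };  /* constructed oversized request */
    printf("ok=%ld bad=%ld\n", fd_handle_checked(&ok), fd_handle_checked(&bad));
    return 0;
}
```

In kernel code the same check belongs immediately after the request is copied in from user space and before any copy sized by a caller-controlled field.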
Potential Impact
For European organizations, the primary impact of CVE-2022-38672 lies in potential service disruption on devices using affected Unisoc chipsets. Many budget and mid-range Android smartphones and IoT devices incorporate these chipsets, which may be used by employees or within enterprise environments. A local attacker or malicious application could trigger kernel crashes, leading to device instability or denial of service. This could disrupt business operations relying on mobile devices, especially in sectors where mobile device availability is critical, such as logistics, field services, or healthcare. Although the vulnerability does not allow data theft or privilege escalation directly, repeated crashes could degrade user trust and productivity. Additionally, if attackers combine this vulnerability with other exploits, it could form part of a more complex attack chain. The lack of known exploits reduces immediate risk, but the presence of the vulnerability in widely used Android versions means organizations should remain vigilant. Enterprises deploying mobile device management (MDM) solutions should monitor for unusual device behavior indicative of exploitation attempts.
Mitigation Recommendations
To mitigate CVE-2022-38672, organizations should:
1) Identify devices using affected Unisoc chipsets and running Android 10, 11, or 12.
2) Apply vendor-supplied firmware or OS updates as soon as they become available from device manufacturers or Unisoc. Since no direct patch links are provided, organizations should engage with device vendors for security updates.
3) Restrict installation of untrusted or unsigned applications to reduce the risk of local exploitation via malicious apps.
4) Employ mobile device management (MDM) policies to enforce application whitelisting and monitor device stability logs for kernel crashes or abnormal reboots.
5) Educate users about the risks of installing apps from unknown sources and encourage prompt reporting of device issues.
6) For sensitive environments, consider network segmentation and limiting physical access to devices to reduce the likelihood of local attacks.
7) Monitor security advisories from Unisoc, Android, and device manufacturers for updates or exploit disclosures related to this vulnerability.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Poland, Netherlands, Belgium, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Unisoc
- Date Reserved: 2022-08-22T00:00:00.000Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682cd0fb1484d88663aec69a
Added to database: 5/20/2025, 6:59:07 PM
Last enriched: 7/6/2025, 11:25:38 AM
Last updated: 7/29/2025, 6:21:13 PM