CVE-2022-38673: CWE-126 Buffer Over-read in Unisoc (Shanghai) Technologies Co., Ltd. SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
AI Analysis
Technical Summary
CVE-2022-38673 is a medium severity vulnerability identified in the face detection driver of several Unisoc (Shanghai) Technologies Co., Ltd. chipsets, including SC9863A, SC9832E, SC7731E, and multiple T-series models (T610, T310, T606, T760, T618, T612, T616, T770, T820, S8000). The vulnerability arises from a buffer over-read condition (CWE-126) caused by a missing bounds check in the driver code. Specifically, the face detect driver fails to properly validate input boundaries before accessing memory, leading to an out-of-bounds write scenario.
This flaw can be triggered locally by an attacker with limited privileges (low privileges required) and does not require user interaction. Exploitation results in a denial of service (DoS) condition at the kernel level, causing the affected device to crash or become unresponsive. The vulnerability affects devices running Android versions 10, 11, and 12 that incorporate these Unisoc chipsets.
The CVSS v3.1 base score is 5.5, reflecting a medium severity level, with the vector indicating local attack vector (AV:L), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N/I:N), and high impact on availability (A:H).
No known exploits have been reported in the wild, and no patches were linked in the provided data, suggesting that mitigation may require vendor updates or device firmware upgrades. The vulnerability is significant because it targets kernel-level code, which if exploited, can disrupt device availability and potentially be leveraged as part of a broader attack chain on affected Android devices using Unisoc chipsets.
Potential Impact
For European organizations, the impact of CVE-2022-38673 primarily concerns mobile devices and embedded systems utilizing Unisoc chipsets running Android 10-12. The vulnerability can lead to local denial of service, causing devices to crash or reboot unexpectedly, which may disrupt business operations relying on mobile communications or IoT devices. Although the vulnerability does not directly compromise confidentiality or integrity, the availability impact at the kernel level can affect critical mobile applications, secure communications, or device management platforms. Organizations with field-deployed devices using these chipsets—such as in logistics, manufacturing, or mobile workforce scenarios—may experience operational interruptions. Additionally, the low privilege and no user interaction requirements lower the barrier for exploitation by insiders or malware with local access. While no known exploits exist currently, the vulnerability could be chained with other flaws to escalate attacks. Given the widespread use of Android devices in Europe, especially in sectors like finance, healthcare, and public services, ensuring device stability and availability is crucial. The threat is more operationally disruptive than data compromising but still warrants timely mitigation to prevent denial of service conditions that could impact service delivery or user productivity.
Mitigation Recommendations
To mitigate CVE-2022-38673 effectively, European organizations should:
1) Inventory and identify devices using affected Unisoc chipsets and running Android 10, 11, or 12.
2) Monitor vendor communications from Unisoc and device manufacturers for security patches or firmware updates addressing this vulnerability and apply them promptly.
3) Where patches are unavailable, consider restricting local access to devices by enforcing strict endpoint security policies, limiting installation of untrusted applications, and employing mobile device management (MDM) solutions to control device configurations.
4) Implement runtime protection mechanisms such as kernel integrity monitoring and anomaly detection to identify abnormal device behavior indicative of exploitation attempts.
5) Educate users and administrators about the risks of local privilege escalation and denial of service vulnerabilities, emphasizing the importance of physical device security and cautious app installation.
6) For critical environments, consider deploying additional redundancy or failover mechanisms to mitigate potential service disruptions caused by device crashes.
7) Engage with suppliers and service providers to ensure that devices procured in the future have updated firmware free from this vulnerability.
These steps go beyond generic advice by focusing on device-specific inventory, patch management, local access control, and operational continuity planning tailored to the affected Unisoc chipset ecosystem.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Poland, Netherlands, Belgium, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Unisoc
- Date Reserved: 2022-08-22T00:00:00.000Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682cd0fb1484d88663aec69c
Added to database: 5/20/2025, 6:59:07 PM
Last enriched: 7/6/2025, 11:25:56 AM
Last updated: 8/15/2025, 2:13:49 AM