CVE-2022-38676: CWE-787 Out-of-bounds Write in Unisoc (Shanghai) Technologies Co., Ltd. SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
AI Analysis
Technical Summary
CVE-2022-38676 is a medium severity vulnerability identified in the GPU driver of several Unisoc (Shanghai) Technologies Co., Ltd. chipsets, including SC9863A, SC9832E, SC7731E, and multiple T-series models such as T610, T310, T606, T760, T618, T612, T616, T770, T820, and S8000. These chipsets are commonly integrated into Android devices running Android 10, 11, and 12. The vulnerability is classified as CWE-787, an out-of-bounds write due to a missing bounds check in the GPU driver code. This flaw allows a local attacker with limited privileges (low complexity, requiring low privileges and no user interaction) to write data outside the intended memory bounds. The consequence of this out-of-bounds write is a potential denial of service (DoS) condition at the kernel level, causing the affected device to crash or become unresponsive. The CVSS v3.1 score is 5.5 (medium severity), reflecting that the vulnerability impacts availability (kernel DoS) without compromising confidentiality or integrity. Exploitation requires local access and low privileges but does not require user interaction. No known exploits have been reported in the wild, and no patches are currently linked, indicating that mitigation may rely on vendor updates or device firmware upgrades. The vulnerability affects a broad range of Unisoc chipsets used in budget and mid-range Android smartphones, which are prevalent in various markets worldwide, including Europe. The technical root cause is a missing bounds check in the GPU driver, which is critical for graphics processing and system stability. Successful exploitation can disrupt device availability, impacting user experience and potentially interrupting business operations relying on affected mobile devices.
Potential Impact
For European organizations, the impact of CVE-2022-38676 primarily concerns availability disruption on mobile devices using affected Unisoc chipsets. Many European enterprises and public sector entities rely on Android smartphones for communication, remote work, and mobile applications. A local attacker exploiting this vulnerability could cause device crashes or kernel panics, leading to denial of service. While the attack requires local access and low privileges, it could be leveraged in scenarios where an attacker gains physical access or compromises a less privileged app or process on the device. This could disrupt critical communications, mobile workforce productivity, or access to enterprise apps. Although confidentiality and integrity are not directly impacted, repeated or targeted DoS attacks could degrade trust in mobile device reliability. The vulnerability is less likely to be exploited remotely or at scale but poses a risk in environments where devices are shared, lost, or exposed to malicious insiders. Additionally, organizations in sectors with high mobility or field operations (e.g., logistics, utilities, healthcare) may face operational interruptions if affected devices become unstable. The lack of known exploits and patches suggests a window of exposure until vendors release firmware updates, emphasizing the need for proactive risk management.
Mitigation Recommendations
1. Inventory and identify devices using affected Unisoc chipsets and running Android 10, 11, or 12 within the organization. 2. Monitor vendor communications and security advisories from Unisoc and device manufacturers for firmware or driver updates addressing CVE-2022-38676. 3. Apply firmware or OS updates promptly once patches are available to remediate the out-of-bounds write vulnerability. 4. Restrict local access to devices by enforcing strong physical security controls and device lock policies to reduce risk of local exploitation. 5. Limit installation of untrusted or unnecessary applications that could attempt local privilege escalation or exploit kernel vulnerabilities. 6. Employ mobile device management (MDM) solutions to enforce security policies, monitor device health, and remotely wipe or quarantine compromised devices. 7. Educate users on the importance of device security and reporting unusual crashes or instability that may indicate exploitation attempts. 8. For high-risk environments, consider deploying endpoint detection and response (EDR) tools capable of detecting anomalous kernel activity or crashes related to GPU driver faults. 9. Conduct regular security assessments and penetration tests on mobile device fleets to identify and mitigate local privilege escalation or DoS vulnerabilities.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Poland, Netherlands, Belgium, Sweden, Finland
CVE-2022-38676: CWE-787 Out-of-bounds Write in Unisoc (Shanghai) Technologies Co., Ltd. SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
Description
In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
AI-Powered Analysis
Technical Analysis
CVE-2022-38676 is a medium severity vulnerability identified in the GPU driver of several Unisoc (Shanghai) Technologies Co., Ltd. chipsets, including SC9863A, SC9832E, SC7731E, and multiple T-series models such as T610, T310, T606, T760, T618, T612, T616, T770, T820, and S8000. These chipsets are commonly integrated into Android devices running Android 10, 11, and 12. The vulnerability is classified as CWE-787, an out-of-bounds write due to a missing bounds check in the GPU driver code. This flaw allows a local attacker with limited privileges (low complexity, requiring low privileges and no user interaction) to write data outside the intended memory bounds. The consequence of this out-of-bounds write is a potential denial of service (DoS) condition at the kernel level, causing the affected device to crash or become unresponsive. The CVSS v3.1 score is 5.5 (medium severity), reflecting that the vulnerability impacts availability (kernel DoS) without compromising confidentiality or integrity. Exploitation requires local access and low privileges but does not require user interaction. No known exploits have been reported in the wild, and no patches are currently linked, indicating that mitigation may rely on vendor updates or device firmware upgrades. The vulnerability affects a broad range of Unisoc chipsets used in budget and mid-range Android smartphones, which are prevalent in various markets worldwide, including Europe. The technical root cause is a missing bounds check in the GPU driver, which is critical for graphics processing and system stability. Successful exploitation can disrupt device availability, impacting user experience and potentially interrupting business operations relying on affected mobile devices.
Potential Impact
For European organizations, the impact of CVE-2022-38676 primarily concerns availability disruption on mobile devices using affected Unisoc chipsets. Many European enterprises and public sector entities rely on Android smartphones for communication, remote work, and mobile applications. A local attacker exploiting this vulnerability could cause device crashes or kernel panics, leading to denial of service. While the attack requires local access and low privileges, it could be leveraged in scenarios where an attacker gains physical access or compromises a less privileged app or process on the device. This could disrupt critical communications, mobile workforce productivity, or access to enterprise apps. Although confidentiality and integrity are not directly impacted, repeated or targeted DoS attacks could degrade trust in mobile device reliability. The vulnerability is less likely to be exploited remotely or at scale but poses a risk in environments where devices are shared, lost, or exposed to malicious insiders. Additionally, organizations in sectors with high mobility or field operations (e.g., logistics, utilities, healthcare) may face operational interruptions if affected devices become unstable. The lack of known exploits and patches suggests a window of exposure until vendors release firmware updates, emphasizing the need for proactive risk management.
Mitigation Recommendations
1. Inventory and identify devices using affected Unisoc chipsets and running Android 10, 11, or 12 within the organization. 2. Monitor vendor communications and security advisories from Unisoc and device manufacturers for firmware or driver updates addressing CVE-2022-38676. 3. Apply firmware or OS updates promptly once patches are available to remediate the out-of-bounds write vulnerability. 4. Restrict local access to devices by enforcing strong physical security controls and device lock policies to reduce risk of local exploitation. 5. Limit installation of untrusted or unnecessary applications that could attempt local privilege escalation or exploit kernel vulnerabilities. 6. Employ mobile device management (MDM) solutions to enforce security policies, monitor device health, and remotely wipe or quarantine compromised devices. 7. Educate users on the importance of device security and reporting unusual crashes or instability that may indicate exploitation attempts. 8. For high-risk environments, consider deploying endpoint detection and response (EDR) tools capable of detecting anomalous kernel activity or crashes related to GPU driver faults. 9. Conduct regular security assessments and penetration tests on mobile device fleets to identify and mitigate local privilege escalation or DoS vulnerabilities.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Unisoc
- Date Reserved
- 2022-08-22T00:00:00.000Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682cd0fb1484d88663aec69e
Added to database: 5/20/2025, 6:59:07 PM
Last enriched: 7/6/2025, 11:26:13 AM
Last updated: 7/26/2025, 6:02:43 PM
Views: 10
Related Threats
CVE-2025-53606: CWE-502 Deserialization of Untrusted Data in Apache Software Foundation Apache Seata (incubating)
CriticalCVE-2025-48913: CWE-20 Improper Input Validation in Apache Software Foundation Apache CXF
HighCVE-2025-6572: CWE-79 Cross-Site Scripting (XSS) in OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer)
HighCVE-2025-54959: Improper limitation of a pathname to a restricted directory ('Path Traversal') in Mubit co.,ltd. Powered BLUE 870
MediumCVE-2025-54958: Improper neutralization of special elements used in an OS command ('OS Command Injection') in Mubit co.,ltd. Powered BLUE 870
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.