CVE-2022-38687: CWE-400 Uncontrolled Resource Consumption in Unisoc (Shanghai) Technologies Co., Ltd. SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
In messaging service, there is a missing permission check. This could lead to local denial of service in messaging service with no additional execution privileges needed.
AI Analysis
Technical Summary
CVE-2022-38687 is a medium-severity vulnerability classified under CWE-400 (Uncontrolled Resource Consumption) affecting multiple Unisoc (Shanghai) Technologies Co., Ltd. chipsets, including SC9863A, SC9832E, SC7731E, T610, T310, T606, T760, T618, T612, T616, T770, T820, and S8000. These chipsets are integrated into devices running Android versions 10, 11, and 12. The vulnerability arises from a missing permission check within the messaging service component of the affected devices. This flaw allows a local attacker—who has limited privileges but no additional execution rights—to trigger uncontrolled resource consumption, leading to a denial of service (DoS) condition specifically targeting the messaging service. The attack does not require user interaction, making it easier to exploit once local access is obtained. The CVSS v3.1 score is 5.5, reflecting a medium severity level, with the vector indicating local attack vector (AV:L), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N/I:N), but high impact on availability (A:H). No known exploits have been reported in the wild, and no patches have been linked yet. The vulnerability could cause the messaging service to become unresponsive or crash, potentially disrupting critical communication functions on affected devices.
Potential Impact
For European organizations, especially those relying on mobile devices embedded with Unisoc chipsets running Android 10 to 12, this vulnerability poses a risk of local denial of service attacks that could disrupt messaging capabilities. This can impact business continuity, particularly in sectors where timely communication is critical, such as healthcare, emergency services, and finance. Although exploitation requires local access with some privileges, insider threats or malware that gains limited local access could leverage this vulnerability to degrade device functionality. The unavailability of messaging services could hinder operational workflows and emergency communications. Additionally, given the widespread use of Android devices in Europe, organizations using devices with affected chipsets could face increased support costs and potential reputational damage if service disruptions occur. However, the lack of remote exploitability and no known active exploitation reduce the immediate risk level.
Mitigation Recommendations
European organizations should prioritize identifying devices using the affected Unisoc chipsets and Android versions 10 through 12 within their environment. Since no patches are currently linked, organizations should monitor Unisoc and device manufacturers for firmware or OS updates addressing this vulnerability. In the interim, restricting local access to devices is critical—implement strict endpoint security controls to prevent unauthorized local access, including enforcing strong authentication and limiting physical access. Deploy mobile device management (MDM) solutions to monitor device health and detect abnormal resource consumption patterns indicative of exploitation attempts. Educate users about the risks of installing untrusted applications or granting unnecessary permissions that could facilitate local privilege escalation. For high-security environments, consider isolating or replacing devices with vulnerable chipsets until patches are available. Regularly review and update security policies to include controls against local privilege abuse and resource exhaustion attacks.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden, Belgium, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: Unisoc
- Date Reserved: 2022-08-22T00:00:00.000Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682cd0fb1484d88663aec6d6
Added to database: 5/20/2025, 6:59:07 PM
Last enriched: 7/6/2025, 11:40:46 AM
Last updated: 7/26/2025, 10:20:09 PM