Skip to main content

CVE-2022-39103: CWE-862 Missing Authorization in Unisoc (Shanghai) Technologies Co., Ltd. SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000

Medium
VulnerabilityCVE-2022-39103cvecve-2022-39103cwe-862
Published: Fri Oct 14 2022 (10/14/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: Unisoc (Shanghai) Technologies Co., Ltd.
Product: SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000

Description

In Gallery service, there is a missing permission check. This could lead to local denial of service in Gallery service with no additional execution privileges needed.

AI-Powered Analysis

AILast updated: 07/06/2025, 11:12:12 UTC

Technical Analysis

CVE-2022-39103 is a medium-severity vulnerability identified in the Gallery service of devices using Unisoc (Shanghai) Technologies Co., Ltd. chipsets, specifically models SC9863A, SC9832E, SC7731E, T610, T310, T606, T760, T618, T612, T616, T770, T820, and S8000. These chipsets are integrated into devices running Android versions 10, 11, and 12. The vulnerability is classified under CWE-862, indicating a missing authorization check within the Gallery service. This flaw allows a local attacker with limited privileges (low-level privileges) to trigger a denial of service (DoS) condition in the Gallery service without requiring additional execution privileges or user interaction. The attack vector is local, meaning the attacker must have some level of access to the device, such as a local user or a malicious app with limited permissions. The vulnerability does not impact confidentiality or integrity but affects availability by causing the Gallery service to crash or become unresponsive. The CVSS v3.1 base score is 5.5, reflecting medium severity, with the vector string AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, no confidentiality or integrity impact, and high impact on availability. No known exploits in the wild have been reported, and no patches or mitigation links are provided in the source information, suggesting that affected device manufacturers or vendors may need to issue updates to address this issue.

Potential Impact

For European organizations, the primary impact of CVE-2022-39103 is the potential disruption of availability of the Gallery service on devices using the affected Unisoc chipsets. While the vulnerability does not compromise sensitive data or device integrity, denial of service conditions can degrade user experience and operational continuity, especially in environments where mobile devices are used for critical communication, media handling, or field operations. Organizations relying on mobile devices with these chipsets may face productivity losses or increased support costs due to service crashes. Additionally, the vulnerability could be leveraged as part of a broader attack chain if combined with other exploits, although this is speculative given the current information. Since exploitation requires local access and low privileges, the risk is higher in scenarios where devices are shared, or where untrusted applications can be installed without strict controls. The lack of user interaction requirement means that once local access is obtained, the attacker can cause the denial of service autonomously. However, the absence of known exploits and the medium severity rating suggest that the immediate threat level is moderate but should not be ignored, especially in sensitive or high-availability contexts.

Mitigation Recommendations

To mitigate CVE-2022-39103, European organizations should take a multi-layered approach: 1) Inventory and identify devices using the affected Unisoc chipsets and Android versions 10 through 12 within their environment. 2) Engage with device manufacturers and vendors to obtain firmware or software updates that address this vulnerability; prioritize deployment of patches as they become available. 3) Restrict installation of untrusted or unnecessary applications on mobile devices to reduce the risk of local privilege exploitation. 4) Implement mobile device management (MDM) solutions to enforce security policies, including application whitelisting and privilege restrictions. 5) Educate users about the risks of installing unverified apps and the importance of device security hygiene. 6) Monitor device behavior for signs of abnormal Gallery service crashes or instability, which could indicate attempted exploitation. 7) Where feasible, consider isolating critical mobile devices or limiting their exposure to untrusted networks or users. Since no direct patches are currently linked, organizations should maintain close communication with Unisoc and device OEMs for updates and advisories.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
Unisoc
Date Reserved
2022-09-01T00:00:00.000Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682cd0fb1484d88663aec67b

Added to database: 5/20/2025, 6:59:07 PM

Last enriched: 7/6/2025, 11:12:12 AM

Last updated: 8/8/2025, 11:01:36 AM

Views: 12

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats