Skip to main content

CVE-2022-39123: CWE-400 Uncontrolled Resource Consumption in Unisoc (Shanghai) Technologies Co., Ltd. SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000

Medium
VulnerabilityCVE-2022-39123cvecve-2022-39123cwe-400
Published: Fri Oct 14 2022 (10/14/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: Unisoc (Shanghai) Technologies Co., Ltd.
Product: SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000

Description

In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

AI-Powered Analysis

AILast updated: 07/06/2025, 14:25:40 UTC

Technical Analysis

CVE-2022-39123 is a medium severity vulnerability identified in several Unisoc (Shanghai) Technologies Co., Ltd. chipsets, including SC9863A, SC9832E, SC7731E, T610, T310, T606, T760, T618, T612, T616, T770, T820, and S8000. These chipsets are commonly integrated into Android devices running versions 10, 11, and 12. The vulnerability arises from a missing bounds check in the sensor driver, which leads to an out-of-bounds write condition. This flaw is categorized under CWE-400, indicating uncontrolled resource consumption. Specifically, the out-of-bounds write can cause a local denial of service (DoS) in the kernel, effectively crashing or destabilizing the device's operating system. The CVSS v3.1 score is 5.5, reflecting a medium severity level, with an attack vector classified as local (AV:L), requiring low attack complexity (AC:L), and low privileges (PR:L) but no user interaction (UI:N). The impact is limited to availability (A:H), with no confidentiality or integrity impact. No known exploits are currently reported in the wild, and no patches have been linked in the provided data. The vulnerability affects the kernel sensor driver, a critical component responsible for managing sensor data, which if exploited, can disrupt device functionality and user experience.

Potential Impact

For European organizations, the impact of this vulnerability primarily concerns devices utilizing affected Unisoc chipsets running Android 10 to 12. These devices could experience kernel crashes or reboots due to the local DoS condition, potentially disrupting business operations reliant on mobile devices, especially in sectors where mobile device availability is critical (e.g., logistics, field services, healthcare). Although the vulnerability requires local access and low privileges, it could be exploited by malicious insiders or through compromised applications with limited permissions. The lack of confidentiality and integrity impact reduces the risk of data breaches, but availability disruptions could affect productivity and service continuity. Additionally, the absence of known exploits suggests a lower immediate threat, but organizations should remain vigilant. Enterprises deploying mobile device management (MDM) solutions should monitor for unusual device behavior indicative of kernel instability. The vulnerability also poses a risk for consumer devices used by employees, potentially affecting remote work scenarios.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should: 1) Identify and inventory all mobile devices using Unisoc chipsets listed in the CVE, focusing on Android versions 10, 11, and 12. 2) Engage with device manufacturers and vendors to obtain firmware or OS updates that address this vulnerability; prioritize patch deployment as soon as they become available. 3) Implement strict application control policies to limit installation of untrusted or unnecessary apps that could exploit local vulnerabilities. 4) Employ mobile device management (MDM) solutions to monitor device health and detect abnormal kernel crashes or reboots. 5) Educate users about the risks of installing unverified applications and the importance of device updates. 6) For high-security environments, consider restricting physical access to devices or enforcing additional authentication to reduce the risk of local exploitation. 7) Monitor security advisories from Unisoc and Android security bulletins for updates or patches related to this vulnerability. Since no patches are currently linked, proactive communication with vendors is critical.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
Unisoc
Date Reserved
2022-09-01T00:00:00.000Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682cd0fb1484d88663aec92b

Added to database: 5/20/2025, 6:59:07 PM

Last enriched: 7/6/2025, 2:25:40 PM

Last updated: 7/31/2025, 12:46:36 PM

Views: 11

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats