Skip to main content

CVE-2022-39128: CWE-400 Uncontrolled Resource Consumption in Unisoc (Shanghai) Technologies Co., Ltd. SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000

Medium
VulnerabilityCVE-2022-39128cvecve-2022-39128cwe-400
Published: Fri Oct 14 2022 (10/14/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: Unisoc (Shanghai) Technologies Co., Ltd.
Product: SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000

Description

In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

AI-Powered Analysis

AILast updated: 07/06/2025, 14:28:07 UTC

Technical Analysis

CVE-2022-39128 is a medium-severity vulnerability identified in several Unisoc (Shanghai) Technologies Co., Ltd. chipsets, including SC9863A, SC9832E, SC7731E, T610, T310, T606, T760, T618, T612, T616, T770, T820, and S8000. These chipsets are commonly integrated into Android devices running Android 10, 11, and 12. The vulnerability arises from a flaw in the sensor driver where a missing bounds check leads to an out-of-bounds write condition. This uncontrolled resource consumption (classified under CWE-400) can cause a local denial of service (DoS) at the kernel level. Specifically, the out-of-bounds write can corrupt kernel memory, potentially causing the affected device to crash or become unresponsive. The attack vector requires local access with low privileges (PR:L), no user interaction (UI:N), and low attack complexity (AC:L), but it does not impact confidentiality or integrity, only availability. No known exploits are currently reported in the wild, and no patches have been linked yet, indicating that mitigation may rely on vendor updates or device firmware upgrades. The vulnerability's CVSS 3.1 score is 5.5, reflecting a medium severity primarily due to its impact on availability and ease of exploitation by a local attacker.

Potential Impact

For European organizations, the impact of CVE-2022-39128 is primarily related to device availability and operational continuity. Devices using affected Unisoc chipsets—often found in budget or mid-range smartphones and IoT devices—may experience kernel crashes or reboots if exploited, leading to service interruptions. This can affect employees’ mobile devices, IoT deployments, or embedded systems relying on these chipsets. Although the vulnerability does not compromise data confidentiality or integrity, denial of service conditions can disrupt business operations, especially in sectors relying on mobile connectivity or sensor data, such as logistics, manufacturing, or healthcare. The local attack requirement limits remote exploitation, but insider threats or malware with local access could leverage this flaw to degrade device reliability. The absence of known exploits reduces immediate risk, but the lack of patches means devices remain vulnerable until updates are applied. Organizations with large fleets of devices using these chipsets should be aware of potential operational disruptions and plan accordingly.

Mitigation Recommendations

To mitigate CVE-2022-39128, European organizations should: 1) Inventory devices to identify those using affected Unisoc chipsets and running Android 10, 11, or 12. 2) Monitor vendor communications from Unisoc and device manufacturers for firmware or driver updates addressing this vulnerability and apply patches promptly once available. 3) Restrict local access to devices by enforcing strong endpoint security policies, including limiting physical access and controlling application permissions to prevent untrusted code execution. 4) Employ mobile device management (MDM) solutions to monitor device health and detect abnormal reboots or crashes indicative of exploitation attempts. 5) Educate users on the risks of installing untrusted applications or granting excessive permissions that could enable local exploitation. 6) For IoT deployments, isolate affected devices on segmented networks to minimize potential impact and monitor for anomalous behavior. 7) Engage with vendors to request timely patches and consider device replacement if updates are not forthcoming within a reasonable timeframe.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
Unisoc
Date Reserved
2022-09-01T00:00:00.000Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682cd0fb1484d88663aec94c

Added to database: 5/20/2025, 6:59:07 PM

Last enriched: 7/6/2025, 2:28:07 PM

Last updated: 8/13/2025, 4:43:56 AM

Views: 13

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats