CVE-2022-39129: CWE-121 Stack-based Buffer Overflow in Unisoc (Shanghai) Technologies Co., Ltd. SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
AI Analysis
Technical Summary
CVE-2022-39129 is a stack-based buffer overflow vulnerability identified in the face detect driver of several Unisoc (Shanghai) Technologies Co., Ltd. chipsets, including SC9863A, SC9832E, SC7731E, T310, T606, T610, T612, T616, T618, T760, T770, T820, and S8000. These chipsets are integrated into various Android devices running Android 10, 11, and 12. The vulnerability arises due to a missing bounds check in the face detect driver's code, which leads to an out-of-bounds write on the stack. This flaw can be triggered locally by a user with limited privileges (low privilege requirement) without any user interaction, resulting in a denial of service (DoS) condition at the kernel level. The CVSS v3.1 base score is 5.5 (medium severity), reflecting that the vulnerability requires local access and low complexity to exploit but does not compromise confidentiality or integrity, only availability. No known exploits are currently reported in the wild, and no patches have been publicly linked yet. The vulnerability is classified under CWE-121, indicating a classic stack-based buffer overflow issue, which can cause memory corruption and potential system crashes. Since the flaw resides in the kernel driver, exploitation could lead to system instability or forced reboots, impacting device availability and user experience. However, the lack of remote exploitability and the requirement for local privileges limit the attack surface primarily to users or apps already present on the device.
Potential Impact
For European organizations, the primary impact of CVE-2022-39129 is a potential local denial of service on devices using affected Unisoc chipsets. This could disrupt business operations relying on mobile devices with these chipsets, especially in sectors where device availability is critical (e.g., logistics, field services, healthcare). Although the vulnerability does not allow data theft or privilege escalation directly, repeated or targeted exploitation could degrade device reliability, cause unexpected reboots, or interrupt critical mobile applications. Organizations deploying Android devices with Unisoc chipsets in their workforce or customer base may face increased support costs and potential operational downtime. Additionally, if attackers combine this vulnerability with other local exploits, it could form part of a multi-stage attack chain. The impact is more pronounced for organizations with BYOD policies or those using low-cost devices prevalent in certain European markets, where Unisoc chipsets are more common. However, since exploitation requires local access and no remote vector exists, the risk from external attackers is limited unless the device is physically compromised or malicious apps are installed.
Mitigation Recommendations
1. Device Inventory and Assessment: Identify all Android devices within the organization that use Unisoc chipsets listed in the vulnerability description. This includes checking device models and Android versions (10, 11, 12).
2. Firmware and Driver Updates: Engage with device manufacturers and Unisoc to obtain firmware or driver patches addressing this vulnerability. Apply updates promptly once available.
3. Restrict Local Access: Enforce strict device usage policies to prevent installation of untrusted applications and limit local user privileges to reduce the risk of local exploitation.
4. Application Whitelisting: Implement mobile application management (MAM) solutions to restrict installation of unauthorized or potentially malicious apps that could exploit local vulnerabilities.
5. Monitor Device Stability: Use mobile device management (MDM) tools to monitor for abnormal device behavior such as frequent crashes or reboots that may indicate exploitation attempts.
6. User Awareness: Educate users on the risks of installing unverified apps and the importance of reporting device instability promptly.
7. Network Segmentation: For devices used in sensitive environments, segment network access to limit the impact of compromised devices.
8. Incident Response Preparedness: Develop procedures to quickly isolate and remediate affected devices showing signs of exploitation or instability.

These steps go beyond generic patching advice by emphasizing device inventory, user privilege management, and behavioral monitoring tailored to the nature of this local kernel DoS vulnerability.
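Steps 1 and 5 above, as an added example that is not part of the original advisory: a triage pass over a device inventory export that flags rows matching the chipsets and Android releases listed on this page and marks devices with frequent reboots. The CSV column names, the sample rows and the reboot threshold are assumptions made for illustration, not a real MDM schema.

```python
import csv
import io
import re

# Chipsets and Android releases listed on this page for CVE-2022-39129.
AFFECTED_SOCS = {"SC9863A", "SC9832E", "SC7731E", "T310", "T606", "T610",
                 "T612", "T616", "T618", "T760", "T770", "T820", "S8000"}
AFFECTED_ANDROID = {10, 11, 12}

# Constructed sample export; column names are hypothetical, not a real MDM schema.
SAMPLE_EXPORT = """device_id,model,soc,android_version,reboots_7d
d-001,Example A1,Unisoc T618,11,0
d-002,Example B2,unisoc sc9863a,10.0,9
d-003,Example C3,Snapdragon 665,11,1
d-004,Example D4,UNISOC T606,13,0
d-005,Example E5,Spreadtrum SC7731E,,2
d-006,Example F6,Unisoc T6180,12,0
"""

def soc_model(raw):
    """Return the listed chipset named in a free-text SoC field (whole-token match), or None."""
    for token in re.findall(r"[A-Za-z0-9]+", raw.upper()):
        if token in AFFECTED_SOCS:   # "T6180" is one token, so it never matches "T618"
            return token
    return None

def android_major(raw):
    """Parse '10', '10.0' or '12L' to an int; None when missing or unparsable."""
    m = re.match(r"\s*(\d+)", raw or "")
    return int(m.group(1)) if m else None

def triage(export_text, reboot_threshold=5):
    """Classify each row as affected / review / not_listed, plus an instability flag."""
    results = []
    for row in csv.DictReader(io.StringIO(export_text)):
        soc = soc_model(row["soc"])
        ver = android_major(row["android_version"])
        if soc is None or (ver is not None and ver not in AFFECTED_ANDROID):
            status = "not_listed"    # chipset or Android release not listed on this page
        elif ver is None:
            status = "review"        # listed chipset, Android version unknown
        else:
            status = "affected"
        unstable = int(row["reboots_7d"] or 0) >= reboot_threshold  # hypothetical threshold
        results.append((row["device_id"], soc, status, unstable))
    return results

if __name__ == "__main__":
    for entry in triage(SAMPLE_EXPORT):
        print(entry)
```

Rows marked `review` have a listed chipset but no recorded Android version, so they need a manual check rather than being silently dropped from the patch queue.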
Affected Countries
Germany, France, Italy, Spain, United Kingdom, Poland, Netherlands, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Unisoc
- Date Reserved: 2022-09-01T00:00:00.000Z
- CISA Enriched: true
Threat ID: 682d9840c4522896dcbf154e
Added to database: 5/21/2025, 9:09:20 AM
Last enriched: 6/24/2025, 3:10:08 AM
Last updated: 7/30/2025, 6:26:16 AM