CVE-2022-42758: CWE-126 Buffer Over-read in Unisoc (Shanghai) Technologies Co., Ltd. SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8016

Severity: Low
Published: Tue Dec 06 2022 (12/06/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: Unisoc (Shanghai) Technologies Co., Ltd.
Product: SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8016

Description

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

AI-Powered Analysis

Last updated: 06/23/2025, 07:34:50 UTC

Technical Analysis

CVE-2022-42758 is a vulnerability in the WLAN driver of several Unisoc (Shanghai) Technologies Co., Ltd. chipsets, including SC9863A, SC9832E, SC7731E, and multiple T-series models (T610, T310, T606, T760, T618, T612, T616, T770, T820, S8016). These chipsets are commonly integrated into Android devices running versions 10, 11, and 12. The vulnerability arises from a missing bounds check in the WLAN driver code, which leads to a buffer over-read condition classified under CWE-126. A buffer over-read occurs when a program reads data beyond the allocated buffer boundaries, potentially causing unexpected behavior or crashes. In this case, the consequence is a local denial of service (DoS) affecting WLAN services on the device. Exploitation requires local access, low attack complexity, low privileges, and no user interaction, as indicated by the CVSS vector (AV:L/AC:L/PR:L/UI:N). The impact is limited to availability, with no confidentiality or integrity compromise. No known exploits have been reported in the wild, and no patches have been publicly linked yet. The vulnerability was reserved in October 2022 and published in December 2022, with a CVSS score of 3.3, indicating a low severity level. The affected WLAN driver is a critical component managing wireless connectivity, so exploitation could disrupt network access on affected devices, causing service interruptions and potential user inconvenience.

Potential Impact

For European organizations, the primary impact of CVE-2022-42758 is the potential disruption of wireless network connectivity on devices using affected Unisoc chipsets. This could lead to temporary denial of WLAN services, affecting mobile workforce productivity, especially in environments relying heavily on wireless communication. While the vulnerability does not compromise data confidentiality or integrity, the availability impact could hinder operations dependent on stable wireless connections, such as remote work, IoT device management, and mobile communications. The local nature of the exploit means attackers would need access to the device, limiting remote exploitation risks. However, in scenarios where devices are shared or physically accessible, such as in public or semi-public spaces, the risk of local DoS attacks increases. The lack of known exploits reduces immediate threat levels but does not eliminate the risk of future exploitation. Organizations deploying Android devices with Unisoc chipsets should be aware of potential WLAN service interruptions and plan accordingly.

Mitigation Recommendations

To mitigate CVE-2022-42758, European organizations should:

1) Inventory and identify devices using affected Unisoc chipsets and running Android versions 10, 11, or 12.
2) Monitor vendor communications from Unisoc and device manufacturers for patches or firmware updates addressing this vulnerability and apply them promptly once available.
3) Implement device usage policies limiting physical access to devices, reducing the risk of local exploitation.
4) Employ network monitoring to detect unusual WLAN service disruptions that could indicate exploitation attempts.
5) Where feasible, consider upgrading devices to newer hardware or software versions not affected by this vulnerability.
6) Educate IT staff and end-users about the importance of securing physical access to devices and reporting connectivity issues promptly.
7) For critical environments, consider deploying alternative wireless adapters or network interfaces that do not rely on the vulnerable drivers until patches are applied.

Technical Details

Data Version: 5.1
Assigner Short Name: Unisoc
Date Reserved: 2022-10-11T00:00:00.000Z
CISA Enriched: true

Threat ID: 682d9843c4522896dcbf3111

Added to database: 5/21/2025, 9:09:23 AM

Last enriched: 6/23/2025, 7:34:50 AM

Last updated: 8/10/2025, 8:02:14 PM
