Skip to main content

CVE-2022-42768: cwe-126 Buffer Over-read in Unisoc (Shanghai) Technologies Co., Ltd. SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8013

Medium
Published: Tue Dec 06 2022 (12/06/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: Unisoc (Shanghai) Technologies Co., Ltd.
Product: SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8013

Description

In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.

AI-Powered Analysis

AILast updated: 06/23/2025, 21:26:32 UTC

Technical Analysis

CVE-2022-42768 is a medium-severity vulnerability identified in the WLAN driver components of several Unisoc (Shanghai) Technologies Co., Ltd. chipsets, including SC9863A, SC9832E, SC7731E, and multiple T-series models such as T610, T310, T606, T760, T618, T612, T616, T770, T820, and S8013. These chipsets are commonly integrated into Android devices running versions 10, 11, and 12. The vulnerability arises from a missing bounds check in the WLAN driver, leading to a buffer over-read condition classified under CWE-126 and CWE-125. This flaw allows an attacker with local privileges (PR:L) to cause a denial of service (DoS) by triggering a crash or malfunction in WLAN services, impacting availability without affecting confidentiality or integrity. The CVSS 3.1 base score is 4.3, reflecting a medium severity level, with an attack vector of network (AV:N) but requiring local privileges and no user interaction. No known exploits are currently reported in the wild, and no patches have been publicly linked yet. The vulnerability is primarily a local DoS risk, potentially disrupting wireless connectivity on affected devices, which could impact user experience and device functionality but does not enable remote code execution or data compromise.

Potential Impact

For European organizations, the primary impact of CVE-2022-42768 is the potential disruption of wireless network services on devices using affected Unisoc chipsets. This could lead to temporary loss of Wi-Fi connectivity, affecting mobile workforce productivity, especially in sectors relying heavily on mobile communications such as logistics, retail, and field services. Although the vulnerability does not compromise data confidentiality or integrity, the availability impact could interrupt critical communications or access to cloud services. Enterprises deploying Android devices with these chipsets may experience increased support costs and operational disruptions. Additionally, environments with strict uptime requirements or those relying on WLAN for critical operations could face service degradation. However, the requirement for local privileges limits the attack surface primarily to insiders or users with physical or logical access to the device, reducing the risk of widespread remote exploitation.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should: 1) Identify and inventory all Android devices using Unisoc chipsets listed in the advisory, focusing on those running Android 10, 11, or 12. 2) Engage with device manufacturers and Unisoc to obtain and deploy firmware or driver updates as soon as they become available, as no official patches are currently linked. 3) Implement strict access controls on devices to prevent unauthorized local access, including enforcing strong device lock mechanisms and limiting administrative privileges. 4) Monitor WLAN service stability and logs for unusual crashes or service interruptions that could indicate exploitation attempts. 5) Educate users about the risks of installing untrusted applications or granting unnecessary permissions that could facilitate local privilege escalation. 6) Consider network segmentation and use of VPNs to reduce the impact of potential WLAN service disruptions on critical business operations. 7) Maintain up-to-date endpoint detection and response (EDR) solutions to detect anomalous behavior related to WLAN driver crashes or attempts to exploit local vulnerabilities.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
Unisoc
Date Reserved
2022-10-11T00:00:00.000Z
Cisa Enriched
true

Threat ID: 682d9841c4522896dcbf1d3f

Added to database: 5/21/2025, 9:09:21 AM

Last enriched: 6/23/2025, 9:26:32 PM

Last updated: 7/31/2025, 7:18:28 AM

Views: 11

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats