Skip to main content

CVE-2022-42773: cwe-125 Out-of-bounds Read in Unisoc (Shanghai) Technologies Co., Ltd. SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8001

Medium
Published: Tue Dec 06 2022 (12/06/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: Unisoc (Shanghai) Technologies Co., Ltd.
Product: SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8001

Description

In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.

AI-Powered Analysis

AILast updated: 06/23/2025, 19:59:04 UTC

Technical Analysis

CVE-2022-42773 is a medium-severity vulnerability identified in the WLAN driver of several Unisoc (Shanghai) Technologies Co., Ltd. chipsets, including SC9863A, SC9832E, SC7731E, T310, T606, T610, T612, T616, T618, T760, T770, T820, and S8001. These chipsets are commonly integrated into Android devices running versions 10, 11, and 12. The vulnerability arises from a missing bounds check in the WLAN driver code, classified under CWE-125 (Out-of-bounds Read). This flaw allows an attacker with local privileges and low complexity to trigger an out-of-bounds read condition, which can lead to a denial of service (DoS) by disrupting WLAN services on the affected device. The CVSS v3.1 base score is 5.5, reflecting a medium severity level, with the vector indicating local attack vector (AV:L), low attack complexity (AC:L), requiring low privileges (PR:L), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N, I:N), but high impact on availability (A:H). No known exploits have been reported in the wild, and no official patches have been linked yet. The vulnerability is relevant primarily to devices using the specified Unisoc chipsets and running the affected Android versions, which are prevalent in budget and mid-range smartphones, especially in emerging markets.

Potential Impact

For European organizations, the primary impact of CVE-2022-42773 is the potential disruption of wireless network connectivity on devices using the affected Unisoc chipsets. This can result in local denial of service conditions, causing loss of WLAN functionality, which may interrupt business operations relying on mobile connectivity, especially for field workers or remote employees using affected devices. While the vulnerability does not compromise confidentiality or integrity, the availability impact could degrade productivity and cause operational delays. Given that Unisoc chipsets are more common in cost-sensitive devices, organizations with employees using such devices may experience intermittent connectivity issues. Additionally, sectors relying on mobile communications for critical functions—such as logistics, healthcare, or emergency services—could face operational risks if devices become unresponsive or disconnected from wireless networks. However, the requirement for local access and low privileges limits the attack surface primarily to insiders or users with physical or local access to the device. The absence of known exploits reduces immediate risk but does not eliminate the need for vigilance.

Mitigation Recommendations

1. Inventory and Identify: Organizations should identify devices within their environment that use Unisoc chipsets listed in the vulnerability and run Android 10, 11, or 12. This can be achieved through mobile device management (MDM) solutions or endpoint asset management tools. 2. Firmware and Driver Updates: Engage with device manufacturers and Unisoc to obtain and deploy firmware or driver updates as soon as they become available. Monitor vendor advisories and security bulletins for patches addressing this vulnerability. 3. Restrict Local Access: Since exploitation requires local privileges, enforce strict physical security controls on devices, including screen locks, strong authentication, and limiting device access to authorized personnel only. 4. Network Segmentation: For devices that must be used in sensitive environments, consider network segmentation to limit the impact of potential WLAN service disruptions. 5. User Awareness: Educate users about the importance of not installing untrusted applications or granting unnecessary permissions that could escalate privileges locally. 6. Monitoring and Incident Response: Implement monitoring for unusual WLAN service disruptions or device reboots that could indicate exploitation attempts. Prepare incident response plans to quickly address potential denial of service events. 7. Alternative Connectivity: Where feasible, provide fallback connectivity options (e.g., cellular data) to mitigate the impact of WLAN service outages on critical operations.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
Unisoc
Date Reserved
2022-10-11T00:00:00.000Z
Cisa Enriched
true

Threat ID: 682d9841c4522896dcbf2055

Added to database: 5/21/2025, 9:09:21 AM

Last enriched: 6/23/2025, 7:59:04 PM

Last updated: 8/17/2025, 10:38:28 AM

Views: 12

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats