MidnightBSD

Advisories for unisoc

CVE-2022-27250 HIGH

The UNISOC chipset through 2022-03-15 allows attackers to obtain remote control of a mobile phone, e.g., to obtain sensitive information from text messages or the device's screen, record video of the device's physical environment, or modify data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
unisoc unisoc_chipset *
CVE-2023-33898

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Products Affected

Vendor Product Version
unisoc t606 -
unisoc t616 -
unisoc t770 -
unisoc sc7731e -
unisoc sc9863a -
unisoc t760 -
unisoc sc9832e -
unisoc t310 -
unisoc t610 -
unisoc t612 -
unisoc s8000 -
unisoc t820 -
unisoc t618 -