Permission Check Flaw in Power Management Service Affects UNISOC Products
CVE-2022-39091

7.8HIGH

Key Information:

Vendor: Unisoc (shanghai) Technologies Co., Ltd.
Status: Sc9863a/sc9832e/sc7731e/t610/t310/t606/t760/t610/t618/t606/t612/t616/t760/t770/t820/s8000
Vendor: CVE Published:; 6 December 2022

🔔 Create Unisoc (shanghai) Technologies Co., Ltd. Vulnerability Alert

What is CVE-2022-39091?

A vulnerability exists in the power management service of UNISOC chipsets due to a missing permission check. This oversight allows unauthorized configurations of power management setups without the need for additional execution privileges, potentially exposing the system to various security risks.

Affected Version(s)

SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000 Android10/Android11/Android12

References

https://www.unisoc.com/en_us/secy/announcementDetail/1599...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 6, 2022
Vulnerability Reserved
Sep 1, 2022