Missing Permission Check in Ion Service Affecting UNISOC Products
CVE-2023-42681

7.8HIGH

Key Information:

Vendor
Unisoc
Status
SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
Vendor
CVE Published:
4 December 2023

Summary

The vulnerability in UNISOC's Ion service involves a failure to enforce proper permission checks. This flaw could enable local users to escalate their privileges without requiring additional execution rights, posing a significant security risk. It is essential for users of affected products to apply the necessary updates and mitigate potential exploitation.

Affected Version(s)

SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000 Android11/Android12/Android13

References

https://www.unisoc.com/en_us/secy/announcementDetail/http...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.