Missing Permission Check in Ion Service Affecting UNISOC Products
CVE-2023-42681

7.8HIGH

Key Information:

Vendor

Unisoc (shanghai) Technologies Co., Ltd.

Status
Sc7731e/sc9832e/sc9863a/t310/t606/t612/t616/t610/t618/t760/t770/t820/s8000
Vendor
CVE Published:
4 December 2023

What is CVE-2023-42681?

The vulnerability in UNISOC's Ion service involves a failure to enforce proper permission checks. This flaw could enable local users to escalate their privileges without requiring additional execution rights, posing a significant security risk. It is essential for users of affected products to apply the necessary updates and mitigate potential exploitation.

Affected Version(s)

SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000 Android11/Android12/Android13

References

https://www.unisoc.com/en_us/secy/announcementDetail/http...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.