Possible Local Escalation of Privilege Vulnerability in Logmanager Service
CVE-2024-39435

7.8HIGH

Key Information:

Vendor: Unisoc
Status: Sc7731e/sc9832e/sc9863a/t310/t606/t612/t616/t610/t618/t760/t770/t820/s8000
Vendor: CVE Published:; 27 September 2024

Summary

In the Logmanager service provided by Unisoc, an input validation vulnerability has been identified. This issue arises from the lack of proper verification of input data, which could potentially allow a local attacker to escalate their privileges. Importantly, this flaw does not require any additional execution privileges, making it a significant concern for organizations utilizing this service. Immediate attention is recommended to implement appropriate security measures and mitigate potential exploitation.

Affected Version(s)

SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000 Android12/Android13/Android14

References

https://www.unisoc.com/en_us/secy/announcementDetail/1830...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 27, 2024
Vulnerability Reserved
Jun 25, 2024