CVE-2022-38670 - OpenCVE

In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Unisoc	S8000 T610 T606 T612 Sc7731e T760 Sc9863a T770 T310 T616 Sc9832e T618 T820
Google	Android

Configuration 1 [-]

AND

OR	cpe:2.3:o:google:android:10.0:::::::*
	cpe:2.3:o:google:android:11.0:::::::*
	cpe:2.3:o:google:android:12.0:::::::*

OR	cpe:2.3:h:unisoc:s8000:-:::::::*
	cpe:2.3:h:unisoc:sc7731e:-:::::::*
	cpe:2.3:h:unisoc:sc9832e:-:::::::*
	cpe:2.3:h:unisoc:sc9863a:-:::::::*
	cpe:2.3:h:unisoc:t310:-:::::::*
	cpe:2.3:h:unisoc:t606:-:::::::*
	cpe:2.3:h:unisoc:t610:-:::::::*
	cpe:2.3:h:unisoc:t612:-:::::::*
	cpe:2.3:h:unisoc:t616:-:::::::*
	cpe:2.3:h:unisoc:t618:-:::::::*
	cpe:2.3:h:unisoc:t760:-:::::::*
	cpe:2.3:h:unisoc:t770:-:::::::*
	cpe:2.3:h:unisoc:t820:-:::::::*

References

Link	Resource
https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Unisoc

Published: 2022-10-14T00:00:00

Updated: 2022-10-14T00:00:00

Reserved: 2022-08-22T00:00:00

Link: CVE-2022-38670

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-10-14T19:15:12.227

Modified: 2022-10-18T19:29:31.240

Link: CVE-2022-38670

JSON object: View

Redhat Information

No data.

CWE

CWE-862

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*", "matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed."}, {"lang": "es", "value": "En soundrecorder service, falta una comprobaci\u00f3n de permisos. Esto podr\u00eda conllevar a una elevaci\u00f3n de privilegios en el servicio de contactos sin ser necesarios privilegios de ejecuci\u00f3n adicionales"}], "id": "CVE-2022-38670", "lastModified": "2022-10-18T19:29:31.240", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-14T19:15:12.227", "references": [{"source": "security@unisoc.com", "tags": ["Vendor Advisory"], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}], "sourceIdentifier": "security@unisoc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@unisoc.com", "type": "Secondary"}]}