CVE-2022-48390
https://notcve.org/view.php?id=CVE-2022-48390
In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. • https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498 • CWE-862: Missing Authorization •
CVE-2022-44419
https://notcve.org/view.php?id=CVE-2022-44419
In modem, there is a possible missing verification of NAS Security Mode Command Replay Attacks in LTE. This could local denial of service with no additional execution privileges. • https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761 •
CVE-2022-44420
https://notcve.org/view.php?id=CVE-2022-44420
In modem, there is a possible missing verification of HashMME value in Security Mode Command. This could local denial of service with no additional execution privileges. • https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761 • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2022-47485
https://notcve.org/view.php?id=CVE-2022-47485
In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. • https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761 • CWE-787: Out-of-bounds Write •
CVE-2022-47334
https://notcve.org/view.php?id=CVE-2022-47334
In phasecheck server, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. • https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761 • CWE-125: Out-of-bounds Read •