CVE-2022-38687 - OpenCVE

In messaging service, there is a missing permission check. This could lead to local denial of service in messaging service with no additional execution privileges needed.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android
Unisoc	S8000 Sc7731e Sc9832e Sc9863a T310 T606 T610 T612 T616 T618 T760 T770 T820

Configuration 1 [-]

AND

OR	cpe:2.3:o:google:android:10.0:::::::*
	cpe:2.3:o:google:android:11.0:::::::*
	cpe:2.3:o:google:android:12.0:::::::*

OR	cpe:2.3:h:unisoc:s8000:-:::::::*
	cpe:2.3:h:unisoc:sc7731e:-:::::::*
	cpe:2.3:h:unisoc:sc9832e:-:::::::*
	cpe:2.3:h:unisoc:sc9863a:-:::::::*
	cpe:2.3:h:unisoc:t310:-:::::::*
	cpe:2.3:h:unisoc:t606:-:::::::*
	cpe:2.3:h:unisoc:t610:-:::::::*
	cpe:2.3:h:unisoc:t612:-:::::::*
	cpe:2.3:h:unisoc:t616:-:::::::*
	cpe:2.3:h:unisoc:t618:-:::::::*
	cpe:2.3:h:unisoc:t760:-:::::::*
	cpe:2.3:h:unisoc:t770:-:::::::*
	cpe:2.3:h:unisoc:t820:-:::::::*

No data.

References

Link	Providers
https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738

History

No history.

MITRE

Status: PUBLISHED

Assigner: Unisoc

Published: 2022-10-14T00:00:00

Updated: 2024-08-03T11:02:14.225Z

Reserved: 2022-08-22T00:00:00

Link: CVE-2022-38687

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-10-14T19:15:13.363

Modified: 2022-10-17T19:57:02.293

Link: CVE-2022-38687

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*", "matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In messaging service, there is a missing permission check. This could lead to local denial of service in messaging service with no additional execution privileges needed."}, {"lang": "es", "value": "En messaging service, falta una comprobaci\u00f3n de permisos. Esto podr\u00eda conllevar a una denegaci\u00f3n de servicio local en messaging service sin ser necesarios privilegios de ejecuci\u00f3n adicionales"}], "id": "CVE-2022-38687", "lastModified": "2022-10-17T19:57:02.293", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-14T19:15:13.363", "references": [{"source": "security@unisoc.com", "tags": ["Vendor Advisory"], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}], "sourceIdentifier": "security@unisoc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "security@unisoc.com", "type": "Secondary"}]}