CVE-2023-48339

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-48339
In jpg driver, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed

4.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.unisoc.com/en_us/secy/announcementDetail/1745735200442220545 Vendor Advisory
https://www.unisoc.com/en_us/secy/announcementDetail/1745735200442220545 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
OR cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*
History

21 Nov 2024, 08:31

Type Values Removed Values Added
References () https://www.unisoc.com/en_us/secy/announcementDetail/1745735200442220545 - Vendor Advisory () https://www.unisoc.com/en_us/secy/announcementDetail/1745735200442220545 - Vendor Advisory

25 Jan 2024, 02:12

Type Values Removed Values Added
CWE CWE-862
References () https://www.unisoc.com/en_us/secy/announcementDetail/1745735200442220545 - () https://www.unisoc.com/en_us/secy/announcementDetail/1745735200442220545 - Vendor Advisory
CPE cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.4
First Time Unisoc
Unisoc t606
Google
Unisoc s8000
Unisoc t760
Unisoc t616
Unisoc t612
Google android
Unisoc sc9863a
Unisoc t618
Unisoc sc9832e
Unisoc sc7731e
Unisoc t770
Unisoc t820
Unisoc t610
Unisoc t310

18 Jan 2024, 03:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-18 03:15

Updated : 2024-11-21 08:31

NVD link : CVE-2023-48339

Mitre link : CVE-2023-48339

CVE.ORG link : CVE-2023-48339

JSON object : View

Products Affected

unisoc

  • s8000
  • t606
  • t616
  • t770
  • t310
  • sc9832e
  • t618
  • t820
  • t612
  • t610
  • t760
  • sc7731e
  • sc9863a

google

  • android
CWE
CWE-862

Missing Authorization