CVE-2024-39442
Description
In sprd ssense service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing permission check in Unisoc's sprd ssense service on Android allows local information disclosure without additional privileges.
CVE-2024-39442 describes a missing permission check in the sprd ssense service on Unisoc chipsets. The vulnerability is classified as CWE-862 Missing Authorization and affects Android versions 13, 14, and 15 across a wide range of chipsets including SC7731E, SC9832E, SC9863A, T310, T606, T612, T616, T610, T618, T750, T765, T760, T770, T820, S8000, T8300, and T9300 [1].
Exploitation requires local access but no authentication or additional execution privileges. The attack complexity is low, and the attack vector is local, meaning any app or process with local access can potentially trigger the missing permission check to disclose sensitive information [1].
The impact is limited to information disclosure with a high confidentiality impact (C:H). There is no impact on integrity or availability. The CVSS v3.1 score is 6.2 (Medium) with the vector AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [1].
Unisoc has published an advisory detailing the affected chipsets and software versions. Device OEMs are advised to contact Unisoc for the latest patch information and apply necessary updates to mitigate the vulnerability [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.