UNISOC
Products
99- 558 CVEs
- 67 CVEs
- 67 CVEs
- 49 CVEs
- 16 CVEs
- 14 CVEs
- 14 CVEs
- 14 CVEs
- 13 CVEs
- 13 CVEs
- 12 CVEs
- 12 CVEs
- 11 CVEs
- 11 CVEs
- 11 CVEs
- 10 CVEs
- 10 CVEs
- 10 CVEs
- 8 CVEs
- 8 CVEs
- 8 CVEs
- 8 CVEs
- 6 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- View all 99 products →
Recent CVEs
606| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-38692 | Cri | 0.64 | 9.8 | 0.00 | Sep 1, 2025 | In BootROM, there is a missing size check for RSA keys in Certificate Type 0 validation. This could lead to memory buffer overflow without requiring additional execution privileges. | ||
| CVE-2025-31715 | Cri | 0.64 | 9.8 | 0.02 | Aug 18, 2025 | In vowifi service, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. | ||
| CVE-2022-27250 | Cri | 0.64 | 9.8 | 0.01 | Mar 18, 2022 | The UNISOC chipset through 2022-03-15 allows attackers to obtain remote control of a mobile phone, e.g., to obtain sensitive information from text messages or the device's screen, record video of the device's physical environment, or modify data. | ||
| CVE-2021-39658 | Cri | 0.64 | 9.8 | 0.01 | Feb 11, 2022 | ismsEx service is a vendor service in unisoc equipment。ismsEx service is an extension of sms system service,but it does not check the permissions of the caller,resulting in permission leaks。Third-party apps can use this service to arbitrarily modify and set system… | ||
| CVE-2021-39635 | Cri | 0.59 | 9.1 | 0.00 | Feb 11, 2022 | ims_ex is a vendor system service used to manage VoLTE in unisoc devices,But it does not verify the caller's permissions,so that normal apps (No phone permissions) can obtain some VoLTE sensitive information and manage VoLTE calls.Product: AndroidVersions: Android SoCAndroid… | ||
| CVE-2023-42748 | Hig | 0.51 | 7.8 | 0.00 | Dec 4, 2023 | In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | ||
| CVE-2023-42747 | Hig | 0.51 | 7.8 | 0.00 | Dec 4, 2023 | In camera service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | ||
| CVE-2023-42746 | Hig | 0.51 | 7.8 | 0.00 | Dec 4, 2023 | In power manager, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | ||
| CVE-2023-42745 | Hig | 0.51 | 7.8 | 0.00 | Dec 4, 2023 | In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | ||
| CVE-2023-42743 | Hig | 0.51 | 7.8 | 0.00 | Dec 4, 2023 | In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | ||
| CVE-2023-42740 | Hig | 0.51 | 7.8 | 0.00 | Dec 4, 2023 | In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | ||
| CVE-2023-42739 | Hig | 0.51 | 7.8 | 0.00 | Dec 4, 2023 | In engineermode service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | ||
| CVE-2023-42738 | Hig | 0.51 | 7.8 | 0.00 | Dec 4, 2023 | In telocom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | ||
| CVE-2023-42736 | Hig | 0.51 | 7.8 | 0.00 | Dec 4, 2023 | In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | ||
| CVE-2023-42696 | Hig | 0.51 | 7.8 | 0.00 | Dec 4, 2023 | In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | ||
| CVE-2023-42695 | Hig | 0.51 | 7.8 | 0.00 | Dec 4, 2023 | In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | ||
| CVE-2023-42694 | Hig | 0.51 | 7.8 | 0.00 | Dec 4, 2023 | In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | ||
| CVE-2023-42693 | Hig | 0.51 | 7.8 | 0.00 | Dec 4, 2023 | In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | ||
| CVE-2023-42692 | Hig | 0.51 | 7.8 | 0.00 | Dec 4, 2023 | In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | ||
| CVE-2023-42691 | Hig | 0.51 | 7.8 | 0.00 | Dec 4, 2023 | In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed |
- risk 0.64cvss 9.8epss 0.00
In BootROM, there is a missing size check for RSA keys in Certificate Type 0 validation. This could lead to memory buffer overflow without requiring additional execution privileges.
- risk 0.64cvss 9.8epss 0.02
In vowifi service, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed.
- risk 0.64cvss 9.8epss 0.01
The UNISOC chipset through 2022-03-15 allows attackers to obtain remote control of a mobile phone, e.g., to obtain sensitive information from text messages or the device's screen, record video of the device's physical environment, or modify data.
- risk 0.64cvss 9.8epss 0.01
ismsEx service is a vendor service in unisoc equipment。ismsEx service is an extension of sms system service,but it does not check the permissions of the caller,resulting in permission leaks。Third-party apps can use this service to arbitrarily modify and set system…
- risk 0.59cvss 9.1epss 0.00
ims_ex is a vendor system service used to manage VoLTE in unisoc devices,But it does not verify the caller's permissions,so that normal apps (No phone permissions) can obtain some VoLTE sensitive information and manage VoLTE calls.Product: AndroidVersions: Android SoCAndroid…
- risk 0.51cvss 7.8epss 0.00
In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
- risk 0.51cvss 7.8epss 0.00
In camera service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
- risk 0.51cvss 7.8epss 0.00
In power manager, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
- risk 0.51cvss 7.8epss 0.00
In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
- risk 0.51cvss 7.8epss 0.00
In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
- risk 0.51cvss 7.8epss 0.00
In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
- risk 0.51cvss 7.8epss 0.00
In engineermode service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
- risk 0.51cvss 7.8epss 0.00
In telocom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
- risk 0.51cvss 7.8epss 0.00
In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
- risk 0.51cvss 7.8epss 0.00
In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
- risk 0.51cvss 7.8epss 0.00
In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
- risk 0.51cvss 7.8epss 0.00
In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
- risk 0.51cvss 7.8epss 0.00
In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
- risk 0.51cvss 7.8epss 0.00
In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
- risk 0.51cvss 7.8epss 0.00
In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed