CVE-2024-23658

In camera driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313	Vendor Advisory
https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:google:android:12.0:::::::*
	cpe:2.3:o:google:android:13.0:::::::*
	cpe:2.3:o:google:android:14.0:::::::*

OR	cpe:2.3:h:unisoc:s8000:-:::::::*
	cpe:2.3:h:unisoc:sc7731e:-:::::::*
	cpe:2.3:h:unisoc:sc9832e:-:::::::*
	cpe:2.3:h:unisoc:sc9863a:-:::::::*
	cpe:2.3:h:unisoc:t310:-:::::::*
	cpe:2.3:h:unisoc:t606:-:::::::*
	cpe:2.3:h:unisoc:t610:-:::::::*
	cpe:2.3:h:unisoc:t612:-:::::::*
	cpe:2.3:h:unisoc:t616:-:::::::*
	cpe:2.3:h:unisoc:t618:-:::::::*
	cpe:2.3:h:unisoc:t760:-:::::::*
	cpe:2.3:h:unisoc:t770:-:::::::*
	cpe:2.3:h:unisoc:t820:-:::::::*

History

06 May 2025, 13:54

Type	Values Removed	Values Added
References	~~() https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313 -~~	() https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313 - Vendor Advisory
CPE		cpe:2.3:h:unisoc:sc9863a:-:::::::* cpe:2.3:h:unisoc:t310:-:::::::* cpe:2.3:o:google:android:13.0:::::::* cpe:2.3:h:unisoc:sc7731e:-:::::::* cpe:2.3:h:unisoc:sc9832e:-:::::::* cpe:2.3:h:unisoc:t770:-:::::::* cpe:2.3:h:unisoc:t760:-:::::::* cpe:2.3:h:unisoc:t610:-:::::::* cpe:2.3:h:unisoc:t612:-:::::::* cpe:2.3:o:google:android:12.0:::::::* cpe:2.3:h:unisoc:t618:-:::::::* cpe:2.3:h:unisoc:t820:-:::::::* cpe:2.3:h:unisoc:t616:-:::::::* cpe:2.3:o:google:android:14.0:::::::* cpe:2.3:h:unisoc:t606:-:::::::* cpe:2.3:h:unisoc:s8000:-:::::::*
First Time		Unisoc sc7731e Unisoc sc9863a Unisoc t610 Unisoc t612 Google Unisoc t310 Unisoc t616 Unisoc t618 Unisoc t606 Unisoc s8000 Unisoc t820 Unisoc Unisoc sc9832e Unisoc t760 Unisoc t770 Google android

21 Nov 2024, 08:58

Type	Values Removed	Values Added
References	~~() https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313 -~~	() https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313 -

27 Oct 2024, 14:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.4
CWE		CWE-416

08 Apr 2024, 18:48

Type	Values Removed	Values Added
Summary		(es) En el controlador de la cámara, existe un posible use-after-free debido a un error lógico. Esto podría provocar una denegación de servicio local con privilegios de ejecución del System necesarios.

08 Apr 2024, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-08 03:15

Updated : 2025-05-06 13:54

NVD link : CVE-2024-23658

Mitre link : CVE-2024-23658

CVE.ORG link : CVE-2024-23658

JSON object : View

Products Affected

unisoc

t606
t760
t310
t770
t612
t820
s8000
sc9832e
t616
t618
sc7731e
sc9863a
t610

google

android

CWE

CWE-416

Use After Free

{"id": "CVE-2024-23658", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2024-04-08T03:15:09.013", "references": [{"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313", "tags": ["Vendor Advisory"], "source": "security@unisoc.com"}, {"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "In camera driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed"}, {"lang": "es", "value": "En el controlador de la c\u00e1mara, existe un posible use-after-free debido a un error l\u00f3gico. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local con privilegios de ejecuci\u00f3n del System necesarios."}], "lastModified": "2025-05-06T13:54:11.390", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"}, {"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"}, {"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"}, {"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"}, {"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"}, {"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"}, {"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"}, {"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"}, {"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"}, {"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"}, {"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"}, {"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"}, {"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"}, {"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"}, {"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@unisoc.com"}

4.4 /10