CVE-2023-52535 - Vulnerability Details - OpenCVE

In vsp driver, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges needed

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android
Unisoc	Sc7731e Sc9832e Sc9863a T310 T610 T618

Configuration 1 [-]

AND

OR	cpe:2.3:o:google:android:12.0:::::::*
	cpe:2.3:o:google:android:13.0:::::::*

OR	cpe:2.3:h:unisoc:sc7731e:-:::::::*
	cpe:2.3:h:unisoc:sc9832e:-:::::::*
	cpe:2.3:h:unisoc:sc9863a:-:::::::*
	cpe:2.3:h:unisoc:t310:-:::::::*
	cpe:2.3:h:unisoc:t610:-:::::::*
	cpe:2.3:h:unisoc:t618:-:::::::*

No data.

References

Link	Providers
https://www.unisoc.com/en_us/secy/announcementDetail/1777148475750809602

History

Tue, 06 May 2025 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Google Google android Unisoc Unisoc sc7731e Unisoc sc9832e Unisoc sc9863a Unisoc t310 Unisoc t610 Unisoc t618
CPEs		cpe:2.3:h:unisoc:sc7731e:-:::::::* cpe:2.3:h:unisoc:sc9832e:-:::::::* cpe:2.3:h:unisoc:sc9863a:-:::::::* cpe:2.3:h:unisoc:t310:-:::::::* cpe:2.3:h:unisoc:t610:-:::::::* cpe:2.3:h:unisoc:t618:-:::::::* cpe:2.3:o:google:android:12.0:::::::* cpe:2.3:o:google:android:13.0:::::::*
Vendors & Products		Google Google android Unisoc Unisoc sc7731e Unisoc sc9832e Unisoc sc9863a Unisoc t310 Unisoc t610 Unisoc t618

Fri, 06 Sep 2024 23:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-20
Metrics		cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}`

MITRE

Status: PUBLISHED

Assigner: Unisoc

Published: 2024-04-08T02:21:40.221Z

Updated: 2024-09-06T22:04:32.854Z

Reserved: 2024-02-26T05:56:52.680Z

Link: CVE-2023-52535

Vulnrichment

Updated: 2024-08-02T23:03:20.600Z

NVD

Status : Analyzed

Published: 2024-04-08T03:15:08.923

Modified: 2025-05-06T13:55:02.160

Link: CVE-2023-52535

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52535", "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "state": "PUBLISHED", "assignerShortName": "Unisoc", "dateReserved": "2024-02-26T05:56:52.680Z", "datePublished": "2024-04-08T02:21:40.221Z", "dateUpdated": "2024-09-06T22:04:32.854Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc", "dateUpdated": "2024-04-08T02:21:40.221Z"}, "references": [{"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777148475750809602"}], "affected": [{"defaultStatus": "unaffected", "product": "SC7731E/SC9832E/SC9863A/T310/T610/T618", "versions": [{"version": "Android12/Android13", "status": "affected"}], "vendor": "Unisoc (Shanghai) Technologies Co., Ltd."}], "descriptions": [{"lang": "en", "value": "In vsp driver, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges needed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.600Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777148475750809602", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-20", "lang": "en", "description": "CWE-20 Improper Input Validation"}]}], "affected": [{"vendor": "unisoc", "product": "andriod12", "cpes": ["cpe:2.3:a:unisoc:andriod12:*:*:*:*:*:*:*:*"], "defaultStatus": "affected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "unisoc", "product": "andriod13", "cpes": ["cpe:2.3:a:unisoc:andriod13:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-08T14:51:45.689004Z", "id": "CVE-2023-52535", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T22:04:32.854Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777148475750809602", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.600Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-52535", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-08T14:51:45.689004Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:unisoc:andriod12:*:*:*:*:*:*:*:*"], "vendor": "unisoc", "product": "andriod12", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "affected"}, {"cpes": ["cpe:2.3:a:unisoc:andriod13:*:*:*:*:*:*:*:*"], "vendor": "unisoc", "product": "andriod13", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-13T18:41:40.909Z"}}], "cna": {"affected": [{"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "product": "SC7731E/SC9832E/SC9863A/T310/T610/T618", "versions": [{"status": "affected", "version": "Android12/Android13"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777148475750809602"}], "descriptions": [{"lang": "en", "value": "In vsp driver, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges needed"}], "providerMetadata": {"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc", "dateUpdated": "2024-04-08T02:21:40.221Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52535", "state": "PUBLISHED", "dateUpdated": "2024-09-06T22:04:32.854Z", "dateReserved": "2024-02-26T05:56:52.680Z", "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "datePublished": "2024-04-08T02:21:40.221Z", "assignerShortName": "Unisoc"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In vsp driver, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges needed"}, {"lang": "es", "value": "En el controlador vsp, es posible que falte una entrada incorrecta de verificaci\u00f3n. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local sin necesidad de privilegios de ejecuci\u00f3n adicionales."}], "id": "CVE-2023-52535", "lastModified": "2025-05-06T13:55:02.160", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-08T03:15:08.923", "references": [{"source": "security@unisoc.com", "tags": ["Vendor Advisory"], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777148475750809602"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777148475750809602"}], "sourceIdentifier": "security@unisoc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}