Security News > 2022 > June > Critical UNISOC Chip Vulnerability Affects Millions of Android Smartphones

A critical security flaw has been uncovered in UNISOC's smartphone chipset that could be potentially weaponized to disrupt a smartphone's radio communications through a malformed packet.
"Left unpatched, a hacker or a military unit can leverage such a vulnerability to neutralize communications in a specific location," Israeli cybersecurity company Check Point said in a report shared with The Hacker News.
"The vulnerability is in the modem firmware, not in the Android OS itself."
The now-patched issue has been assigned the identifier CVE-2022-20210 and is rated 9.4 out of 10 for severity on the CVSS vulnerability scoring system.
In a nutshell, the vulnerability - discovered following a reverse-engineering of UNISOC's LTE protocol stack implementation - relates to a case of buffer overflow vulnerability in the component that handles Non-Access Stratum messages in the modem firmware, resulting in denial-of-service.
To mitigate the risk, it's recommended that users update their Android devices to the latest available software as and when it becomes available as part of Google's Android Security Bulletin for June 2022.
News URL
https://thehackernews.com/2022/06/critical-unisoc-chip-vulnerability.html
Related news
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
- Qualcomm pledges 8 years of security updates for Android kit using its chips (YMMV) (source)
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking (source)
- IBM scores perfect 10 ... vulnerability in mission-critical OS AIX (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
- Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-15 | CVE-2022-20210 | Unspecified vulnerability in Google Android The UE and the EMM communicate with each other using NAS messages. | 9.8 |