First published: Fri Oct 14 2022(Updated: )
In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed.
Credit: security@unisoc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | ||
Google Android | =10.0 | |
Google Android | =11.0 | |
Google Android | =12.0 | |
unisoc s8000 | ||
Unisoc SC7731 | ||
unisoc sc9832e | ||
unisoc sc9863a | ||
unisoc t310 | ||
unisoc t606 | ||
unisoc t610 | ||
unisoc t612 | ||
unisoc t616 | ||
unisoc t618 | ||
unisoc t760 | ||
unisoc t770 | ||
unisoc t820 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-38670 is a vulnerability in the soundrecorder service in Google Android that allows for elevation of privilege in the contacts service.
CVE-2022-38670 has a severity rating of 7.8, which is considered high.
CVE-2022-38670 affects Android versions 10.0, 11.0, and 12.0.
To fix CVE-2022-38670, users should update their Android devices to the latest version available.
More information about CVE-2022-38670 can be found on the official Android Security Bulletin for November 2022 and on the Unisoc website.