What is CVE-2023-42655?

CVE-2023-42655 is a vulnerability in the sim service of certain Android devices, which allows an app to write permission usage records without proper permission checks, potentially leading to privilege escalation.

What is the severity of CVE-2023-42655?

CVE-2023-42655 has a severity level of medium.

Which devices are affected by CVE-2023-42655?

CVE-2023-42655 affects Android version 11.0.

How can I fix CVE-2023-42655?

To fix CVE-2023-42655, users should apply the latest security patches provided by their device manufacturer or update their Android operating system to the latest version.

Where can I find more information about CVE-2023-42655?

More information about CVE-2023-42655 can be found in the official security announcement from Unisoc: https://www.unisoc.com/en_us/secy/announcementDetail/1719615756246777857

Vulnerability/
CVE-2023-42655

medium

6.7

CWE

862

1/11/2023

5/9/2024

CVE-2023-42655

First published: Wed Nov 01 2023(Updated: )

In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed

Credit: security@unisoc.com

Affected Software	Affected Version	How to fix
All of
Android	=11.0
Any of
Unisoc S8000 Firmware
Unisoc T760 Firmware
Unisoc T770
Unisoc T820

Never miss a vulnerability like this again

Reference Links

https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1719615756246777857

Frequently Asked Questions

What is CVE-2023-42655?
CVE-2023-42655 is a vulnerability in the sim service of certain Android devices, which allows an app to write permission usage records without proper permission checks, potentially leading to privilege escalation.
What is the severity of CVE-2023-42655?
CVE-2023-42655 has a severity level of medium.
Which devices are affected by CVE-2023-42655?
CVE-2023-42655 affects Android version 11.0.
How can I fix CVE-2023-42655?
To fix CVE-2023-42655, users should apply the latest security patches provided by their device manufacturer or update their Android operating system to the latest version.
Where can I find more information about CVE-2023-42655?
More information about CVE-2023-42655 can be found in the official security announcement from Unisoc: https://www.unisoc.com/en_us/secy/announcementDetail/1719615756246777857

agent/event
agent/type
agent/first-publish-date
agent/references
agent/author
agent/severity
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/weakness
agent/source
agent/tags
agent/softwarecombine
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/google
canonical/android
version/android/11.0
vendor/unisoc
canonical/unisoc s8000 firmware
canonical/unisoc t760 firmware
canonical/unisoc t770
canonical/unisoc t820

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.