A critical vulnerability has been discovered in smartphones based on UNISOC chips that can be used to reset the smartphone’s modem using a malformed packet.
Let me remind you that we also reported that bugs in MediaTek chips allow tracking users of 37% of smartphones in the world, and that bugs in the ALAC audio codec threaten millions of Android devices.
UNISOC is a major semiconductor manufacturer based in Shanghai. The company is the world’s fourth largest manufacturer of mobile processors after MediaTek, Qualcomm and Apple.
According to Counterpoint Research, UNISOC accounted for 10% of all SoC shipments in Q3 2021.
The fixed vulnerability has been assigned the identifier CVE-2022-20210, and its severity is rated at 9.4 points according to CVSS. The vulnerability is related to a buffer overflow in the component that handles Non-Access Stratum (NAS) messages in the modem firmware, resulting in a denial of service.
The fix for CVE-2022-20210 will be released with the June 2022 Android Security Bulletin. Experts recommend installing the update with the fix as soon as it becomes available.