Critical Vulnerability Found in Motorola’s Unisoc Chips
Security researchers at cyber threat intelligence company Checkpoint Research have detected a critical vulnerability in the Motorola Unisoc Tiger Y700 chips. The smartphones impacted are the Motorola Moto G20, E30 and E40 smartphones. The components have been identified as threat vectors due to a stack overflow vulnerability. The components made their way into the devices due to a global chip shortage pertaining to MediaTek’s chips. The flaw was specifically observed omitting the check that ensures the modem’s connection handler is reading a valid IMSI when connecting to a network.
Checkpoint says that the handler can read a zero-digit field, creating stack overflow conditions that could block the user from the network and leaves devices open to exploitation via remote code execution or a denial of service (DoS) attack. Checkpoint released a dedicated report that provides more details about the vulnerability. The company also stated that it disclosed the findings to Unisoc in May of this year. The vulnerability has been given a CVSS score of 9.4 out of 10 due to the possibility of remote code execution. There are currently no reports of the vulnerability being actively exploited in the wild.