PT-2023-22856 · Unknown · Uwbaospadapterservice
Published
2023-07-06
·
Updated
2023-07-12
·
CVE-2023-30660
CVSS v3.1
6.2
Medium
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
UwbAospAdapterService versions prior to SMR Jul-2023 Release 1
Description
The issue allows local attackers to access the UWB chipset Identifier due to an Exposure of Sensitive Information vulnerability in the getDefaultChipId function. This vulnerability is present in the UwbAospAdapterService.
Recommendations
For versions prior to SMR Jul-2023 Release 1, consider restricting access to the getDefaultChipId function in UwbAospAdapterService until a patch is available. As a temporary workaround, disabling the
getDefaultChipId function can help minimize the risk of exploitation.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Uwbaospadapterservice