Qualcomm Chipsets and Lenovo BIOS Get Security Updates to Fix Multiple Flaws


Jan 04, 2023 | Ravie Lakshmanan | Firmware Security

Qualcomm on Tuesday released patches to address multiple security flaws in its chipsets, some of which could be exploited to cause information disclosure and memory corruption.

The five vulnerabilities, tracked from CVE-2022-40516 through CVE-2022-40520, also impact Lenovo ThinkPad X13s laptops, prompting the Chinese PC maker to issue BIOS updates to plug the security holes.

The list of flaws is as follows:

  • CVE-2022-40516, CVE-2022-40517 & CVE-2022-40520 (CVSS scores: 8.4) – Memory corruption in Core due to stack-based buffer overflow
  • CVE-2022-40518 & CVE-2022-40519 (CVSS scores: 6.8) – Information disclosure due to buffer over-read in Core

Stack-based buffer overflow vulnerabilities can result in severe impacts, such as data corruption, system crashes, and arbitrary code execution. Buffer over-reads, on the other hand, can be weaponized to read out-of-bounds memory, leading to the exposure of secret data.

Successful exploitation of the aforementioned flaws could permit a local adversary with elevated privileges to cause memory corruption or leak sensitive information, Lenovo noted in an alert published Tuesday.

Also remediated by Lenovo are four more buffer over-read vulnerabilities in ThinkPad X13 BIOS that could lead to information disclosure. The issues are tracked as CVE-2022-4432, CVE-2022-4433, CVE-2022-4434, and CVE-2022-4435.

ThinkPad X13 users are recommended to update the BIOS to version 1.47 (N3HET75W) or newer. Firmware security firm Binarly has been credited with discovering and reporting the nine shortcomings.

Qualcomm's January 2023 security bulletin further closes out 17 other vulnerabilities, including one critical memory corruption bug in the Automotive component (CVE-2022-33219, CVSS score: 9.3) arising as a result of a buffer overflow flaw.
