Qualcomm on Tuesday released patches to address a number of security flaws in its chipsets, some of which could be exploited to cause information disclosure and memory corruption.
The five vulnerabilities, tracked from CVE-2022-40516 through CVE-2022-40520, also impact Lenovo ThinkPad X13s laptops, prompting the Chinese PC maker to issue BIOS updates to plug the security holes.
The list of flaws is as follows:
- CVE-2022-40516, CVE-2022-40517 & CVE-2022-40520 (CVSS scores: 8.4) – Memory corruption in Core due to stack-based buffer overflow
- CVE-2022-40518 & CVE-2022-40519 (CVSS scores: 6.8) – Information disclosure due to buffer over-read in Core
Stack-based buffer overflow vulnerabilities can result in severe impacts, such as data corruption, system crashes, and arbitrary code execution. Buffer over-reads, on the other hand, can be weaponized to read out-of-bounds memory, leading to the exposure of secret data.
Successful exploitation of the aforementioned flaws could allow a local adversary with elevated privileges to cause memory corruption or leak sensitive information, Lenovo noted in an alert published Tuesday.
Also remediated by Lenovo are four more buffer over-read vulnerabilities in ThinkPad X13 BIOS that could lead to information disclosure. The issues are tracked as CVE-2022-4432, CVE-2022-4433, CVE-2022-4434, and CVE-2022-4435.
ThinkPad X13 users are recommended to update the BIOS to version 1.47 (N3HET75W) or newer. Firmware security firm Binarly has been credited with discovering and reporting the nine shortcomings.
Qualcomm's January 2023 security bulletin further closes out 17 other vulnerabilities, including one critical memory corruption bug in the Automotive component (CVE-2022-33219, CVSS score: 9.3) arising due to a buffer overflow flaw.