Qualcomm on Tuesday launched patches to handle a number of safety flaws in its chipsets, a few of which might be exploited to trigger info disclosure and reminiscence corruption.
The 5 vulnerabilities — tracked from CVE-2022-40516 via CVE-2022-40520 — additionally impression Lenovo ThinkPad X13s laptops, prompting the Chinese language PC maker to situation BIOS updates to plug the safety holes.
The listing of flaws is as follows –
- CVE-2022-40516, CVE-2022-40517 & CVE-2022-40520 (CVSS scores: 8.4) – Reminiscence corruption in Core as a result of stack-based buffer overflow
- CVE-2022-40518 & CVE-2022-40519 (CVSS scores: 6.8) – Data disclosure as a result of buffer over-read in Core
Stack-based buffer overflow vulnerabilities can lead to extreme impacts, comparable to knowledge corruption, system crashes, and arbitrary code execution. Buffer over-reads, alternatively, might be weaponized to learn out-of-bounds reminiscence, resulting in the publicity of secret knowledge.
Profitable exploitation of the aforementioned flaws may permit a neighborhood adversary with elevated privileges to trigger reminiscence corruption or leak delicate info, Lenovo famous in an alert revealed Tuesday.
Additionally remediated by Lenovo are 4 extra buffer over-read vulnerabilities in ThinkPad X13 BIOS that might result in info disclosure. The issues are tracked as CVE-2022-4432, CVE-2022-4433, CVE-2022-4434, and CVE-2022-4435.
ThinkPad X13 customers are beneficial to replace the BIOS to model 1.47 (N3HET75W) or newer. Firmware safety agency Binarly has been credited with discovering and reporting the 9 shortcomings.
Qualcomm’s January 2023 safety bulletin additional closes out 17 different vulnerabilities, together with one important reminiscence corruption bug within the Automotive element (CVE-2022-33219, CVSS rating: 9.3) arising on account of a buffer overflow flaw.
