Wednesday, January 4, 2023
HomeInformation SecurityQualcomm Chipsets and Lenovo BIOS Get Safety Updates to Repair A number...

Qualcomm Chipsets and Lenovo BIOS Get Safety Updates to Repair A number of Flaws


Jan 04, 2023Ravie LakshmananFirmware Safety

Qualcomm on Tuesday launched patches to handle a number of safety flaws in its chipsets, a few of which might be exploited to trigger info disclosure and reminiscence corruption.

The 5 vulnerabilities — tracked from CVE-2022-40516 via CVE-2022-40520 — additionally impression Lenovo ThinkPad X13s laptops, prompting the Chinese language PC maker to situation BIOS updates to plug the safety holes.

The listing of flaws is as follows –

  • CVE-2022-40516, CVE-2022-40517 & CVE-2022-40520 (CVSS scores: 8.4) – Reminiscence corruption in Core as a result of stack-based buffer overflow
  • CVE-2022-40518 & CVE-2022-40519 (CVSS scores: 6.8) – Data disclosure as a result of buffer over-read in Core

Stack-based buffer overflow vulnerabilities can lead to extreme impacts, comparable to knowledge corruption, system crashes, and arbitrary code execution. Buffer over-reads, alternatively, might be weaponized to learn out-of-bounds reminiscence, resulting in the publicity of secret knowledge.

Profitable exploitation of the aforementioned flaws may permit a neighborhood adversary with elevated privileges to trigger reminiscence corruption or leak delicate info, Lenovo famous in an alert revealed Tuesday.

Additionally remediated by Lenovo are 4 extra buffer over-read vulnerabilities in ThinkPad X13 BIOS that might result in info disclosure. The issues are tracked as CVE-2022-4432, CVE-2022-4433, CVE-2022-4434, and CVE-2022-4435.

ThinkPad X13 customers are beneficial to replace the BIOS to model 1.47 (N3HET75W) or newer. Firmware safety agency Binarly has been credited with discovering and reporting the 9 shortcomings.

Qualcomm’s January 2023 safety bulletin additional closes out 17 different vulnerabilities, together with one important reminiscence corruption bug within the Automotive element (CVE-2022-33219, CVSS rating: 9.3) arising on account of a buffer overflow flaw.

Discovered this text fascinating? Observe us on Twitter and LinkedIn to learn extra unique content material we put up.



RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -
Google search engine

Most Popular

Recent Comments