July 13, 2024
Qualcomm Chipsets and Lenovo BIOS Get Security Updates to Patch Multiple Flaws

Jan 04, 2023 Ravie Lakshmanan Firmware Security

Qualcomm on Tuesday released patches to address multiple security flaws in its chipsets, some of which could be exploited to cause information disclosure and memory corruption.

The five vulnerabilities, tracked from CVE-2022-40516 through CVE-2022-40520, also impact Lenovo ThinkPad X13s laptops, prompting the Chinese PC maker to issue BIOS updates to plug the security holes.

The list of flaws is as follows –

  • CVE-2022-40516, CVE-2022-40517 & CVE-2022-40520 (CVSS scores: 8.4) – Memory corruption in Core due to stack-based buffer overflow
  • CVE-2022-40518 & CVE-2022-40519 (CVSS scores: 6.8) – Information disclosure due to buffer over-read in Core

Stack-based buffer overflow vulnerabilities can result in severe impacts, such as data corruption, system crashes, and arbitrary code execution. Buffer over-reads, on the other hand, can be weaponized to read out-of-bounds memory, leading to the exposure of secret data.
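Both bug classes named in the bulletin come from the same root cause: a length taken from input is trusted when copying into, or out of, a fixed-size buffer. The following is an added illustration written for this article, not Qualcomm's, Lenovo's or Binarly's code, and it says nothing about the actual firmware defects. It uses a constructed record format (one length byte followed by that many name bytes) and places an unsafe parser next to a hardened one so the two missing checks are visible. The names `parse_record_unsafe`, `parse_record_safe`, `record_accepted` and `NAME_MAX` are assumptions for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record format for this example: one length byte followed by
 * that many name bytes. Both parsers copy the name into a fixed-size stack
 * buffer supplied by the caller. */
#define NAME_MAX 16

/* Unsafe parser: the bug class in the bulletin. It trusts the length byte
 * twice. memcpy may read past the end of `in` (buffer over-read, information
 * disclosure) and may write past the end of `out` (stack-based buffer
 * overflow, memory corruption). Kept only for comparison with the hardened
 * version; it is never fed a malformed record here. */
int parse_record_unsafe(const uint8_t *in, size_t in_len, char *out, size_t out_size)
{
    (void)in_len;   /* input length is ignored: over-read */
    (void)out_size; /* output size is ignored: overflow */
    size_t len = in[0];
    memcpy(out, in + 1, len);
    out[len] = '\0';
    return 0;
}

/* Hardened parser: validates the claimed length against both the bytes
 * actually supplied and the destination size (including the terminator)
 * before touching memory. Returns 0 on success, -1 on a malformed record. */
int parse_record_safe(const uint8_t *in, size_t in_len, char *out, size_t out_size)
{
    if (in == NULL || out == NULL || out_size == 0)
        return -1;
    if (in_len < 1)
        return -1;                 /* not even a length byte present */
    size_t len = in[0];
    if (len > in_len - 1)
        return -1;                 /* would read past the input: over-read */
    if (len >= out_size)
        return -1;                 /* would write past `out` or drop the NUL: overflow */
    memcpy(out, in + 1, len);
    out[len] = '\0';
    return 0;
}

/* Parses into a NAME_MAX-byte stack buffer and reports whether the record
 * was accepted (1) or rejected (0). */
int record_accepted(const uint8_t *in, size_t in_len)
{
    char name[NAME_MAX];
    return parse_record_safe(in, in_len, name, sizeof name) == 0;
}

int main(void)
{
    /* Constructed inputs: one well-formed, one that claims more bytes than
     * it carries, one that is too long for the destination buffer. */
    const uint8_t good[]     = { 5, 'X', '1', '3', 's', '!' };
    const uint8_t short_in[] = { 40, 'a', 'b' };
    const uint8_t too_long[] = { 20, 'a','b','c','d','e','f','g','h','i','j',
                                     'k','l','m','n','o','p','q','r','s','t' };
    char name[NAME_MAX];

    printf("good:     %s\n", parse_record_safe(good, sizeof good, name, sizeof name) == 0 ? name : "rejected");
    printf("short_in: %s\n", record_accepted(short_in, sizeof short_in) ? "accepted" : "rejected");
    printf("too_long: %s\n", record_accepted(too_long, sizeof too_long) ? "accepted" : "rejected");
    return 0;
}
```

The two `if` checks in `parse_record_safe` map one-to-one onto the two CVE groups above: the comparison against `in_len` prevents the over-read, the comparison against `out_size` prevents the overflow. Note that `len >= out_size` rather than `len > out_size` is what keeps room for the terminating NUL; an off-by-one here is itself a one-byte stack overflow.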

"Successful exploitation of the aforementioned flaws may allow a local adversary with elevated privileges to cause memory corruption or leak sensitive information," Lenovo noted in an alert published Tuesday.

Also remediated by Lenovo are four more buffer over-read vulnerabilities in ThinkPad X13 BIOS that could lead to information disclosure. The flaws are tracked as CVE-2022-4432, CVE-2022-4433, CVE-2022-4434, and CVE-2022-4435.

ThinkPad X13 users are recommended to update the BIOS to version 1.47 (N3HET75W) or newer. Firmware security firm Binarly has been credited with discovering and reporting the nine shortcomings.

Qualcomm's January 2023 security bulletin further closes out 17 other vulnerabilities, including one critical memory corruption bug in the Automotive component (CVE-2022-33219, CVSS score: 9.3) arising due to a buffer overflow flaw.