Qualcomm on Tuesday unveiled patches to tackle various security flaws in its chipsets, some of which could be exploited to result in information and facts disclosure and memory corruption.
The five vulnerabilities — tracked from CVE-2022-40516 by CVE-2022-40520 — also affect Lenovo ThinkPad X13s laptops, prompting the Chinese Computer system maker to issue BIOS updates to plug the security holes.
The checklist of flaws is as follows –
- CVE-2022-40516, CVE-2022-40517 & CVE-2022-40520 (CVSS scores: 8.4) – Memory corruption in Core thanks to stack-primarily based buffer overflow
- CVE-2022-40518 & CVE-2022-40519 (CVSS scores: 6.8) – Data disclosure due to buffer more than-browse in Main
Stack-centered buffer overflow vulnerabilities can end result in intense impacts, these types of as facts corruption, program crashes, and arbitrary code execution. Buffer in excess of-reads, on the other hand, can be weaponized to go through out-of-bounds memory, top to the publicity of secret data.
Profitable exploitation of the aforementioned flaws could permit a nearby adversary with elevated privileges to lead to memory corruption or leak delicate details, Lenovo famous in an inform posted Tuesday.
Also remediated by Lenovo are 4 more buffer in excess of-study vulnerabilities in ThinkPad X13 BIOS that could guide to info disclosure. The flaws are tracked as CVE-2022-4432, CVE-2022-4433, CVE-2022-4434, and CVE-2022-4435.
ThinkPad X13 buyers are proposed to update the BIOS to model 1.47 (N3HET75W) or more recent. Firmware security firm Binarly has been credited with discovering and reporting the nine shortcomings.
Qualcomm’s January 2023 security bulletin further more closes out 17 other vulnerabilities, which includes a person critical memory corruption bug in the Automotive part (CVE-2022-33219, CVSS rating: 9.3) arising as a outcome of a buffer overflow flaw.
Uncovered this posting intriguing? Abide by us on Twitter and LinkedIn to go through much more exceptional articles we put up.
Some components of this short article are sourced from: