Latest Cyber Security News

You are here: Home / General Cyber Security News / Qualcomm Chipsets and Lenovo BIOS Get Security Updates to Fix Multiple Flaws
January 4, 2023

Qualcomm on Tuesday unveiled patches to tackle various security flaws in its chipsets, some of which could be exploited to result in information and facts disclosure and memory corruption.

The five vulnerabilities — tracked from CVE-2022-40516 by CVE-2022-40520 — also affect Lenovo ThinkPad X13s laptops, prompting the Chinese Computer system maker to issue BIOS updates to plug the security holes.

The checklist of flaws is as follows –

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


  • CVE-2022-40516, CVE-2022-40517 & CVE-2022-40520 (CVSS scores: 8.4) – Memory corruption in Core thanks to stack-primarily based buffer overflow
  • CVE-2022-40518 & CVE-2022-40519 (CVSS scores: 6.8) – Data disclosure due to buffer more than-browse in Main

Stack-centered buffer overflow vulnerabilities can end result in intense impacts, these types of as facts corruption, program crashes, and arbitrary code execution. Buffer in excess of-reads, on the other hand, can be weaponized to go through out-of-bounds memory, top to the publicity of secret data.

Profitable exploitation of the aforementioned flaws could permit a nearby adversary with elevated privileges to lead to memory corruption or leak delicate details, Lenovo famous in an inform posted Tuesday.

Also remediated by Lenovo are 4 more buffer in excess of-study vulnerabilities in ThinkPad X13 BIOS that could guide to info disclosure. The flaws are tracked as CVE-2022-4432, CVE-2022-4433, CVE-2022-4434, and CVE-2022-4435.

ThinkPad X13 buyers are proposed to update the BIOS to model 1.47 (N3HET75W) or more recent. Firmware security firm Binarly has been credited with discovering and reporting the nine shortcomings.

Qualcomm’s January 2023 security bulletin further more closes out 17 other vulnerabilities, which includes a person critical memory corruption bug in the Automotive part (CVE-2022-33219, CVSS rating: 9.3) arising as a outcome of a buffer overflow flaw.

Uncovered this posting intriguing? Abide by us on Twitter  and LinkedIn to go through much more exceptional articles we put up.


Some components of this short article are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *