Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that 3 other zero-days have come under active exploitation.
Of the 17 flaws, three are rated Critical, 13 are rated High, and 1 is rated Medium in severity.
“There are indications from Google Threat Analysis Group and Google Project Zero that CVE-2023-33106, CVE-2023-33107, CVE-2022-22071, and CVE-2023-33063 may be under limited, targeted exploitation,” the semiconductor company said in an advisory.
“Patches for the issues affecting Adreno GPU and Compute DSP drivers have been made available, and OEMs have been notified with a strong recommendation to deploy security updates as soon as possible.”
CVE-2022-22071 (CVSS score: 8.4), described as a use-after-free in Automotive OS Platform, was originally patched by the company as part of its May 2022 updates.
While additional details about the remaining flaws are expected to be made public in December 2023, the disclosure comes the same day Arm shipped patches for a security flaw in the Mali GPU Kernel Driver (CVE-2023-4211) that has also come under limited, targeted exploitation.
Qualcomm’s October 2023 updates also address three critical issues, although there is no evidence that they have been abused in the wild:
- CVE-2023-24855 (CVSS score: 9.8) – Memory corruption in Modem while processing security related configuration before AS Security Exchange.
- CVE-2023-28540 (CVSS score: 9.1) – Cryptographic issue in Data Modem due to improper authentication during TLS handshake.
- CVE-2023-33028 (CVSS score: 9.8) – Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.
Users are recommended to apply updates from original equipment manufacturers (OEMs) as soon as they become available.