Qualcomm Chipsets and Lenovo BIOS Get Security Updates to Fix Multiple Flaws


Jan 04, 2023 | Ravie Lakshmanan | Firmware Security


Qualcomm on Tuesday released patches to address a number of security flaws in its chipsets, some of which could be exploited to cause information disclosure and memory corruption.

The five vulnerabilities — tracked from CVE-2022-40516 through CVE-2022-40520 — also affect Lenovo ThinkPad X13s laptops, prompting the Chinese PC maker to issue BIOS updates to plug the security holes.

The list of flaws is as follows –

  • CVE-2022-40516, CVE-2022-40517 & CVE-2022-40520 (CVSS scores: 8.4) – Memory corruption in Core due to stack-based buffer overflow
  • CVE-2022-40518 & CVE-2022-40519 (CVSS scores: 6.8) – Information disclosure due to buffer over-read in Core

Stack-based buffer overflow vulnerabilities can result in severe impacts, such as data corruption, system crashes, and arbitrary code execution. Buffer over-reads, on the other hand, can be weaponized to read out-of-bounds memory, leading to the exposure of secret data.

Successful exploitation of the aforementioned flaws could allow a local adversary with elevated privileges to cause memory corruption or leak sensitive information, Lenovo noted in an alert published Tuesday.

Also remediated by Lenovo are four additional buffer over-read vulnerabilities in ThinkPad X13 BIOS that could lead to information disclosure. The flaws are tracked as CVE-2022-4432, CVE-2022-4433, CVE-2022-4434, and CVE-2022-4435.

ThinkPad X13 users are recommended to update the BIOS to version 1.47 (N3HET75W) or later. Firmware security firm Binarly has been credited with discovering and reporting the nine shortcomings.

Qualcomm’s January 2023 security bulletin further closes out 17 other vulnerabilities, including one critical memory corruption bug in the Automotive component (CVE-2022-33219, CVSS score: 9.3) arising as a result of a buffer overflow flaw.
