Qualcomm on Tuesday released patches to address multiple security flaws in its chipsets, some of which could be exploited to cause information disclosure and memory corruption.
The five vulnerabilities, tracked as CVE-2022-40516 through CVE-2022-40520, also affect Lenovo ThinkPad X13s laptops, prompting the Chinese PC maker to issue BIOS updates to close the security holes.
The list of flaws is as follows:
- CVE-2022-40516, CVE-2022-40517 & CVE-2022-40520 (CVSS score: 8.4) – Memory corruption in Core due to a stack-based buffer overflow
- CVE-2022-40518 & CVE-2022-40519 (CVSS score: 6.8) – Information disclosure in Core due to a buffer over-read
Stack-based buffer overflow vulnerabilities can have serious consequences, including data corruption, system crashes, and arbitrary code execution. Buffer over-reads, on the other hand, can be weaponized to read out-of-bounds memory, leading to exposure of sensitive data.
Successful exploitation of the aforementioned flaws could allow a local adversary with elevated privileges to cause memory corruption and sensitive information disclosure, according to an alert released on Tuesday.
Lenovo has also fixed four buffer over-read vulnerabilities in the ThinkPad X13 BIOS that can lead to information disclosure. The flaws are tracked as CVE-2022-4432, CVE-2022-4433, CVE-2022-4434, and CVE-2022-4435.
ThinkPad X13 users are advised to update the BIOS to version 1.47 (N3HET75W) or later. Firmware security company Binarly reportedly discovered and reported the nine flaws.
Qualcomm’s January 2023 Security Bulletin also lists 17 other vulnerabilities, including one critical memory corruption bug (CVE-2022-33219, CVSS score: 9.3) in Automotive components resulting from a buffer overflow flaw.