January 4, 2023 | Rabbi Lakshmanan | Firmware security

Qualcomm on Tuesday released patches to address multiple security flaws in its chipsets, some of which can be exploited to cause information disclosure and memory corruption.

The five vulnerabilities, tracked from CVE-2022-40516 to CVE-2022-40520, also affect Lenovo ThinkPad X13s laptops, prompting the Chinese PC maker to issue BIOS updates to close the security holes.

The list of flaws is as follows:

  • CVE-2022-40516, CVE-2022-40517 & CVE-2022-40520 (CVSS score: 8.4) – Memory corruption in Core due to a stack-based buffer overflow
  • CVE-2022-40518 & CVE-2022-40519 (CVSS score: 6.8) – Information disclosure in Core due to a buffer over-read

Stack-based buffer overflow vulnerabilities can have serious consequences, including data corruption, system crashes, and arbitrary code execution. Buffer over-reads, on the other hand, can be weaponized to read out-of-bounds memory, leading to exposure of sensitive data.

Successful exploitation of the aforementioned flaws could allow a local adversary with elevated privileges to cause memory corruption and sensitive information disclosure, according to an alert released on Tuesday.

Lenovo has also fixed four buffer over-read vulnerabilities in the ThinkPad X13 BIOS that can lead to information disclosure. The flaws are tracked as CVE-2022-4432, CVE-2022-4433, CVE-2022-4434, and CVE-2022-4435.

ThinkPad X13 users are advised to update the BIOS to version 1.47 (N3HET75W) or later. Firmware security company Binarly reportedly discovered and reported the nine flaws.

Qualcomm’s January 2023 Security Bulletin additionally addresses 17 other vulnerabilities, including one critical memory corruption bug (CVE-2022-33219, CVSS score: 9.3) in Automotive components resulting from a buffer overflow flaw.
