Qualcomm Chipsets and Lenovo BIOS Get Security Updates to Fix Multiple Flaws

January 4, 2023 | Rabbi Lakshmanan | Firmware security

Qualcomm released patches on Tuesday to address multiple security flaws in its chipsets, some of which can be exploited to cause information disclosure and memory corruption.

Five vulnerabilities, tracked from CVE-2022-40516 to CVE-2022-40520, also affect Lenovo ThinkPad X13s laptops, prompting the Chinese PC maker to issue BIOS updates to close the security holes.

The list of flaws is as follows:

  • CVE-2022-40516, CVE-2022-40517 & CVE-2022-40520 (CVSS score: 8.4) – Memory corruption in Core due to stack-based buffer overflow
  • CVE-2022-40518 & CVE-2022-40519 (CVSS score: 6.8) – Information disclosure due to buffer overread in Core

Stack-based buffer overflow vulnerabilities can have serious consequences, including data corruption, system crashes, and arbitrary code execution. Buffer over-reads, on the other hand, can be weaponized to read out-of-bounds memory, leading to exposure of sensitive data.

Successful exploitation of the aforementioned flaws could allow a local adversary with elevated privileges to corrupt memory and expose sensitive information, Lenovo said in an alert published Tuesday.

Lenovo has also fixed four buffer overread vulnerabilities in the ThinkPad X13 BIOS that could lead to information disclosure. The flaws are tracked as CVE-2022-4432, CVE-2022-4433, CVE-2022-4434, and CVE-2022-4435.

ThinkPad X13 users are advised to update the BIOS to version 1.47 (N3HET75W) or later. Firmware security company Binarly reportedly discovered and reported the nine flaws.
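One way to check an asset inventory against the fixed BIOS release named above, as an added example that is not part of the original article. It assumes the inventory stores the BIOS string in the form `N3HET75W (1.47 )` and that the first five characters of the BIOS ID identify the BIOS family; the hostnames and inventory values are constructed.

```python
import re

# Fixed release named in the article: version 1.47, BIOS ID N3HET75W.
FIXED_VERSION = (1, 47)
FIXED_BIOS_ID = "N3HET75W"
FAMILY_PREFIX = FIXED_BIOS_ID[:5]  # assumption: "N3HET" identifies the BIOS family

# Assumed layout of the inventory value: "<8-char BIOS ID> (<major>.<minor> )".
BIOS_RE = re.compile(r"^\s*([A-Z0-9]{8})\s*\(\s*(\d+)\.(\d+)\s*\)\s*$")


def parse_bios(raw):
    """Return (bios_id, (major, minor)), or None if the value does not match."""
    m = BIOS_RE.match(raw or "")
    if not m:
        return None
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def classify(raw):
    """Return 'patched', 'needs_update', 'other_family' or 'unknown'."""
    parsed = parse_bios(raw)
    if parsed is None:
        return "unknown"       # an unreadable value is never counted as patched
    bios_id, version = parsed
    if not bios_id.startswith(FAMILY_PREFIX):
        return "other_family"  # the fixed version on the page does not apply
    # Compare as integer tuples, not floats, so each field is ordered numerically.
    return "patched" if version >= FIXED_VERSION else "needs_update"


def triage(inventory):
    """Map hostname -> status for hosts in scope that are not confirmed patched."""
    findings = {}
    for host, raw in inventory.items():
        status = classify(raw)
        if status in ("needs_update", "unknown"):
            findings[host] = status
    return findings


# Constructed sample inventory (hostname -> BIOS string); not real data.
SAMPLE = {
    "lt-001": "N3HET75W (1.47 )",
    "lt-002": "N3HET53W (1.25 )",
    "lt-003": "N3HET80W (1.52 )",
    "lt-004": "",
    "lt-005": "ZZZET10W (1.10 )",
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Hosts reported as `unknown` need a manual look, since a missing or malformed BIOS string says nothing about patch state.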

Qualcomm’s January 2023 Security Bulletin lists 17 other vulnerabilities that have also been closed, including one critical memory corruption bug (CVE-2022-33219, CVSS score: 9.3) in Automotive components resulting from a buffer overflow flaw.
