Security
Headlines
HeadlinesLatestCVEs

Headline

Qualcomm Chipsets and Lenovo BIOS Get Security Updates to Fix Multiple Flaws

Qualcomm on Tuesday released patches to address multiple security flaws in its chipsets, some of which could be exploited to cause information disclosure and memory corruption. The five vulnerabilities – tracked from CVE-2022-40516 through CVE-2022-40520 – also impact Lenovo ThinkPad X13s laptops, prompting the Chinese PC maker to issue BIOS updates to plug the security holes. The list of

The Hacker News
#vulnerability#ios#lenovo#bios#buffer_overflow#The Hacker News

Qualcomm on Tuesday released patches to address multiple security flaws in its chipsets, some of which could be exploited to cause information disclosure and memory corruption.

The five vulnerabilities – tracked from CVE-2022-40516 through CVE-2022-40520 – also impact Lenovo ThinkPad X13s laptops, prompting the Chinese PC maker to issue BIOS updates to plug the security holes.

The list of flaws is as follows -

  • CVE-2022-40516, CVE-2022-40517 & CVE-2022-40520 (CVSS scores: 8.4) - Memory corruption in Core due to stack-based buffer overflow
  • CVE-2022-40518 & CVE-2022-40519 (CVSS scores: 6.8) - Information disclosure due to buffer over-read in Core

Stack-based buffer overflow vulnerabilities can result in severe impacts, such as data corruption, system crashes, and arbitrary code execution. Buffer over-reads, on the other hand, can be weaponized to read out-of-bounds memory, leading to the exposure of secret data.

Successful exploitation of the aforementioned flaws could allow a local adversary with elevated privileges to cause memory corruption or leak sensitive information, Lenovo noted in an alert published Tuesday.

Also remediated by Lenovo are four more buffer over-read vulnerabilities in ThinkPad X13 BIOS that could lead to information disclosure. The flaws are tracked as CVE-2022-4432, CVE-2022-4433, CVE-2022-4434, and CVE-2022-4435.

ThinkPad X13 users are recommended to update the BIOS to version 1.47 (N3HET75W) or newer. Firmware security firm Binarly has been credited with discovering and reporting the nine shortcomings.

Qualcomm’s January 2023 security bulletin further closes out 17 other vulnerabilities, including one critical memory corruption bug in the Automotive component (CVE-2022-33219, CVSS score: 9.3) arising as a result of a buffer overflow flaw.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Related news

CVE-2021-0701: Android Security Bulletin—June 2023

Product: AndroidVersions: Android SoCAndroid ID: A-277775870

CVE-2023-21079: Pixel Update Bulletin—March 2023

In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254839721References: N/A

CVE-2022-40520

Memory corruption due to stack-based buffer overflow in Core

Chip Vulnerabilities Impacting Microsoft, Lenovo, and Samsung Devices

By Deeba Ahmed In total 22 proprietary software vulnerabilities were identified in the firmware, which Qualcomm addressed in its January 2023… This is a post from HackRead.com Read the original post: Chip Vulnerabilities Impacting Microsoft, Lenovo, and Samsung Devices

CVE-2022-4435: ThinkPad X13s BIOS Vulnerabilities - Lenovo Support US

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.