Qualcomm and Lenovo usher in 2023 with security patches

Qualcomm and Lenovo have issued patches to address different security flaws in their chipsets, some of which could be exploited to cause data leakage and memory corruption. Others affect Qualcomm’s flagship Snapdragon processor chips, with an impact on products ranging from automobiles to powerline communications.

Some of the patches address stack-based buffer overflow vulnerabilities, which can have serious consequences such as data corruption, system crashes, and arbitrary code execution. Others address buffer over-reads, which can be weaponized to read out-of-bounds memory, exposing sensitive data.

Two bugs (CVE-2022-33218 and CVE-2022-33219) in automotive firmware and one bug (CVE-2022-33265) in powerline communication firmware are among the 22 proprietary software issues disclosed in Qualcomm’s January 2023 security bulletin, all of which are rated high or critical for severity and difficult to patch. Lenovo fixed four more buffer over-read vulnerabilities in the ThinkPad X13 BIOS that could lead to data disclosure. The flaws are tracked as CVE-2022-4432, CVE-2022-4433, CVE-2022-4434, and CVE-2022-4435.

According to Lenovo, successful exploitation of the aforementioned flaws could allow a local adversary with elevated privileges to cause memory corruption or leak sensitive information.

The vulnerabilities also have knock-on effects. Lenovo adopted Qualcomm’s chip, and the five bugs Binarly reported to Qualcomm also affect Lenovo ThinkPad X13s, prompting the company to release BIOS updates to close the security gap.

The sources for this piece include an article in TheHackerNews.
