Qualcomm and Lenovo usher in 2023 with security patches

Share post:

Qualcomm and Lenovo have issued patches to manage different security flaws in their chipsets, some of which could be exploited to cause data leakage and memory corruption. Others include the company’s flagship SnapDragon processor chips, which affect products ranging from automobiles to powerline communications.

Some of the patches issued addresses Stack-based buffer overflow vulnerabilities can have serious consequences such as data corruption, system crashes, and arbitrary code execution. As well as Buffer over-reads, which can be weaponized to read out-of-bounds memory, exposing sensitive data.

Two bugs (CVE-2022-33218 and CVE-2022-33219) in automotive and one bug (CVE-2022-33265) in powerline communication firmware are among the 22 proprietary software issues released in Qualcomm’s January 2023 security bulletin, all of which are rated high or critical for severity and difficult to patch. Lenovo fixed four more buffer over-read vulnerabilities in the ThinkPad X13 BIOS that could lead to data disclosure. CVE-2022-4432, CVE-2022-4433, CVE-2022-4434, and CVE-2022-4435 are the flaws tracked.

According to Lenovo, successful exploitation of the aforementioned flaws could allow a local adversary with elevated privileges to cause memory corruption or leak sensitive information.

The vulnerabilities also have knock-on effects. Lenovo adopted Qualcomm’s chip, and the five bugs Binarly reported to Qualcomm also affect Lenovo ThinkPad X13s, prompting the company to release BIOS updates to close the security gap.

The sources for this piece include an article in TheHackerNews.

SUBSCRIBE NOW

Related articles

Sleeper Supply Chain Attack Activates After 6 Years

A coordinated supply chain attack has compromised between 500 and 1,000 e-commerce websites by exploiting vulnerabilities in 21...

Russian-Controlled Open Source Tool Raises Alarms Over U.S. Cybersecurity

A widely used open-source Go library, easyjson, used in healthcare, finance and even defence has come under scrutiny...

Signal Archiving Tool Used By Trump Admin Is Breached, Raising Alarms Over Messaging Security (EDITORIAL)

(EDITORIAL) A messaging tool used by Trump administration officials to archive encrypted Signal messages has been hacked —...

Anthropic Warns: AI “Virtual Employees” Could Pose Security Risks Within a Year

Anthropic, a leading artificial intelligence company, anticipates that AI-powered virtual employees could begin operating within corporate networks as...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways