ClickCease Qualcomm, Lenovo issues numerous patches to address flaws

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Qualcomm, Lenovo issues numerous patches to address security flaws

Obanla Opeyemi

January 17, 2023 - TuxCare expert team

Qualcomm and Lenovo have issued patches to address a number of security flaws in their chipsets, some of which could result in data leakage and memory corruption.

Security flaws have been discovered in the Unified Extensible Firmware Interface (UEFI) firmware reference code of Qualcomm’s Snapdragon series of processors, which are used in products ranging from automobiles to powerline communications. These flaws affect devices built on the ARM architecture.

According to Qualcomm’s security bulletin, 20 different vulnerabilities affecting various chipsets were patched. This was because of the diverse range of products that use these chipsets, the affected devices are from various technology areas, ranging from automotive to Android connectivity, WLAN, powerline communication, and Kernel.

Three of those patched have critical security ratings, and they are as follows: CVE-2022-33218 (CVSS score 8.2; Technology: Automotive): Memory corruption vulnerability as a result of incorrect input validation CVE-2022-33219 (CVSS score 9.3; Technology: Automotive): Memory corruption caused by integer overflow to buffer overflow while registering a new listener with shared buffer. CVE-2022-33265 (CVSS score: 7.3; Technology: Powerline Communication Firmware): Memory corruption caused by information exposure while sending multiple MMEs from a single, unrelated device.

Furthermore, the updates address 17 other high security rating vulnerabilities that Qualcomm has confirmed and informed the appropriate vendors about. Five of these are also applicable to Lenovo ThinkPad X13 laptops. CVE-2022-40516 and CVE-2022-40517 (CVSS rating: High; CVSS score 8.4; Technology: Boot): Memory corruption in Core caused by stack-based buffer overflow CVE-2022-40520 (CVSS score 8.4; Technology: Connectivity): Memory corruption caused by a stack-based buffer overflow in Core CVE-2022-40518, CVE-2022-40519 (CVSS rating: Medium; CVSS score: 6.8; Technology: Boot): Information disclosure as a result of buffer overread in Core.

Lenovo has also addressed some other vulnerabilities in the ThinkPad X13’s BIOS in addition to these patches. Lenovo advises users to update their BIOS to version 1.47 (N3HET75W) or higher.

The vulnerabilities also have knock-on effects. Lenovo adopted Qualcomm’s chip, and the five bugs Binarly reported to Qualcomm also affect Lenovo ThinkPad X13s, prompting the company to release BIOS updates to close the security gap.

The sources for this piece include an article in SCMagazine.

Summary
Qualcomm, Lenovo issues numerous patches to address flaws
Article Name
Qualcomm, Lenovo issues numerous patches to address flaws
Description
Qualcomm and Lenovo have issued patches to address a number of security flaws in their chipsets, some of which could result in data leakage and memory corruption.
Author
Publisher Name
TuxCare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Related Articles

How GPT models can be...

According to CyberArk researchers, GPT-based models like ChatGPT can be...

January 30, 2023

Attackers actively exploit Unpatched Control...

Malicious hackers have started exploiting a critical vulnerability CVE-2022-44877 in...

January 27, 2023

Attackers distribute malware via malicious...

Deep Instinct researchers reported that RATs like StrRAT and Ratty...

January 26, 2023

CircleCI partners AWS to identify...

According to CircleCI’s CTO, Rob Zuber, CircleCI is working with...

January 25, 2023

Cisco warns of authentication bypass...

A remote attacker could exploit multiple vulnerabilities in four Cisco...

January 24, 2023

IceID malware infiltrates Active Directory...

In a notable IcedID malware attack, the assailant impacted the...

January 23, 2023