CIO News Hubb
Advertisement
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
CIO News Hubb
No Result
View All Result
Home Information Security

Qualcomm Chipsets and Lenovo BIOS Get Security Updates to Fix Multiple Flaws

admin by admin
January 4, 2023
in Information Security


Jan 04, 2023Ravie LakshmananFirmware Security

Qualcomm on Tuesday released patches to address multiple security flaws in its chipsets, some of which could be exploited to cause information disclosure and memory corruption.

The five vulnerabilities — tracked from CVE-2022-40516 through CVE-2022-40520 — also impact Lenovo ThinkPad X13s laptops, prompting the Chinese PC maker to issue BIOS updates to plug the security holes.

The list of flaws is as follows –

  • CVE-2022-40516, CVE-2022-40517 & CVE-2022-40520 (CVSS scores: 8.4) – Memory corruption in Core due to stack-based buffer overflow
  • CVE-2022-40518 & CVE-2022-40519 (CVSS scores: 6.8) – Information disclosure due to buffer over-read in Core

Stack-based buffer overflow vulnerabilities can result in severe impacts, such as data corruption, system crashes, and arbitrary code execution. Buffer over-reads, on the other hand, can be weaponized to read out-of-bounds memory, leading to the exposure of secret data.

Successful exploitation of the aforementioned flaws could allow a local adversary with elevated privileges to cause memory corruption or leak sensitive information, Lenovo noted in an alert published Tuesday.

Also remediated by Lenovo are four more buffer over-read vulnerabilities in ThinkPad X13 BIOS that could lead to information disclosure. The flaws are tracked as CVE-2022-4432, CVE-2022-4433, CVE-2022-4434, and CVE-2022-4435.

ThinkPad X13 users are recommended to update the BIOS to version 1.47 (N3HET75W) or newer. Firmware security firm Binarly has been credited with discovering and reporting the nine shortcomings.

Qualcomm’s January 2023 security bulletin further closes out 17 other vulnerabilities, including one critical memory corruption bug in the Automotive component (CVE-2022-33219, CVSS score: 9.3) arising as a result of a buffer overflow flaw.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

Updated whitepaper available: AWS Security Incident Response Guide

Next Post

Initiategovernance

Related Posts

Information Security

New Android Banking Trojan Targeting Brazilian Financial Institutions

by admin
February 4, 2023
Information Security

Fall 2022 PCI DSS report available with six services added to compliance scope

by admin
February 4, 2023
Information Security

Is Your EV Charging Station Safe? New Security Vulnerabilities Uncovered

by admin
February 3, 2023
Information Security

How to improve security incident investigations using Amazon Detective finding groups

by admin
February 3, 2023
Information Security

New Russian-Backed Gamaredon’s Spyware Variants Targeting Ukrainian Authorities

by admin
February 2, 2023
Next Post

Initiategovernance

Recommended

Initiativesofreinvention

February 4, 2023

New Android Banking Trojan Targeting Brazilian Financial Institutions

February 4, 2023

Fall 2022 PCI DSS report available with six services added to compliance scope

February 4, 2023

Initiativesofnonlinearity ~ Future of CIO

February 3, 2023

Is Your EV Charging Station Safe? New Security Vulnerabilities Uncovered

February 3, 2023

How to improve security incident investigations using Amazon Detective finding groups

February 3, 2023

© 2022 CIO News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

Newsletter Sign Up

No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

© 2022 CIO News Hubb All rights reserved.