Qualcomm and Lenovo usher in 2023 with security patches

Qualcomm and Lenovo have issued patches to manage different security flaws in their chipsets, some of which could be exploited to cause data leakage and memory corruption. Others include the company’s flagship SnapDragon processor chips, which affect products ranging from automobiles to powerline communications.

Some of the patches issued addresses Stack-based buffer overflow vulnerabilities can have serious consequences such as data corruption, system crashes, and arbitrary code execution. As well as Buffer over-reads, which can be weaponized to read out-of-bounds memory, exposing sensitive data.

Two bugs (CVE-2022-33218 and CVE-2022-33219) in automotive and one bug (CVE-2022-33265) in powerline communication firmware are among the 22 proprietary software issues released in Qualcomm’s January 2023 security bulletin, all of which are rated high or critical for severity and difficult to patch. Lenovo fixed four more buffer over-read vulnerabilities in the ThinkPad X13 BIOS that could lead to data disclosure. CVE-2022-4432, CVE-2022-4433, CVE-2022-4434, and CVE-2022-4435 are the flaws tracked.

According to Lenovo, successful exploitation of the aforementioned flaws could allow a local adversary with elevated privileges to cause memory corruption or leak sensitive information.

The vulnerabilities also have knock-on effects. Lenovo adopted Qualcomm’s chip, and the five bugs Binarly reported to Qualcomm also affect Lenovo ThinkPad X13s, prompting the company to release BIOS updates to close the security gap.

The sources for this piece include an article in TheHackerNews.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web