Qualcomm and Lenovo have issued patches to manage different security flaws in their chipsets, some of which could be exploited to cause data leakage and memory corruption. Others include the company’s flagship SnapDragon processor chips, which affect products ranging from automobiles to powerline communications.
Some of the patches issued addresses Stack-based buffer overflow vulnerabilities can have serious consequences such as data corruption, system crashes, and arbitrary code execution. As well as Buffer over-reads, which can be weaponized to read out-of-bounds memory, exposing sensitive data.
Two bugs (CVE-2022-33218 and CVE-2022-33219) in automotive and one bug (CVE-2022-33265) in powerline communication firmware are among the 22 proprietary software issues released in Qualcomm’s January 2023 security bulletin, all of which are rated high or critical for severity and difficult to patch. Lenovo fixed four more buffer over-read vulnerabilities in the ThinkPad X13 BIOS that could lead to data disclosure. CVE-2022-4432, CVE-2022-4433, CVE-2022-4434, and CVE-2022-4435 are the flaws tracked.
According to Lenovo, successful exploitation of the aforementioned flaws could allow a local adversary with elevated privileges to cause memory corruption or leak sensitive information.
The vulnerabilities also have knock-on effects. Lenovo adopted Qualcomm’s chip, and the five bugs Binarly reported to Qualcomm also affect Lenovo ThinkPad X13s, prompting the company to release BIOS updates to close the security gap.
The sources for this piece include an article in TheHackerNews.