Qualcomm released patches on Tuesday to address multiple security vulnerabilities in its chipsets, some of which could lead to information disclosure and memory corruption if exploited.
The five vulnerabilities ranging from CVE-2022-40516 to CVE-2022-40520 also affect Lenovo ThinkPad X13s laptops, prompting the Chinese PC manufacturer to release BIOS updates to patch the security holes.
The five flaws are:
- CVE-2022-40516, CVE-2022-40517 & CVE-2022-40520 (CVSS scores: 8.4) – Memory corruption in Core due to stack-based buffer overflow
- CVE-2022-40518 & CVE-2022-40519 (CVSS scores: 6.8) – Information disclosure due to buffer over-read in Core
Stack-based buffer overflow vulnerabilities can have severe consequences, including data corruption, system crashes, and the execution of arbitrary code. On the other hand, buffer over-reads can be weaponized to read out-of-bounds memory, resulting in the disclosure of sensitive data.
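To make the two bug classes concrete, the following C snippet is an added illustration written for this article; it is not code from Qualcomm, Lenovo or Binarly and does not reproduce any of the CVEs above. It parses a made-up length-prefixed record (one type byte, one length byte, then the value) into a fixed 16-byte stack buffer; the record format, buffer size, status codes and function names are all assumptions. The vulnerable parser trusts the length byte twice over (once as a write bound, once as a read bound), which is exactly how a single unchecked length yields both a stack-based buffer overflow and a buffer over-read; the hardened parser checks the length against each buffer it governs before any memory access.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* fixed-size stack buffer inside the parser (assumption) */
#define HDR_LEN  2    /* made-up record header: 1 byte type, 1 byte value length */

enum { PARSE_OK = 0, PARSE_ERR_SHORT = -1, PARSE_ERR_TOOLONG = -2 };

/* VULNERABLE: trusts the length byte embedded in the record.
 *   len > NAME_MAX-1         -> memcpy writes past `name`: stack-based buffer
 *                               overflow (CWE-121), clobbering saved registers
 *                               and the return address stored above it.
 *   HDR_LEN + len > rec_size -> memcpy reads past the end of the record: buffer
 *                               over-read (CWE-126); whatever lay beyond the
 *                               record is copied into `out` and leaks to the caller.
 * Kept only for contrast; never feed it an untrusted record. */
int parse_name_vulnerable(const uint8_t *rec, size_t rec_size,
                          char *out, size_t out_size)
{
    char name[NAME_MAX];
    size_t len = rec[1];
    (void)rec_size;                     /* the real source bound is never consulted */
    memcpy(name, rec + HDR_LEN, len);   /* both bugs happen on this line */
    name[len] = '\0';                   /* also out of bounds when len >= NAME_MAX */
    snprintf(out, out_size, "%s", name);
    return PARSE_OK;
}

/* HARDENED: validate the length against each buffer it governs before any
 * memory access. Destination bound and source bound are separate checks. */
int parse_name_hardened(const uint8_t *rec, size_t rec_size,
                        char *out, size_t out_size)
{
    char name[NAME_MAX];
    if (rec_size < HDR_LEN)
        return PARSE_ERR_SHORT;         /* not even a length byte to read */
    size_t len = rec[1];
    if (len > NAME_MAX - 1)
        return PARSE_ERR_TOOLONG;       /* destination: need room for len + NUL */
    if (rec_size - HDR_LEN < len)
        return PARSE_ERR_SHORT;         /* source: the value must lie inside rec */
    memcpy(name, rec + HDR_LEN, len);
    name[len] = '\0';
    snprintf(out, out_size, "%s", name);
    return PARSE_OK;
}

/* Constructed sample records for the demo (not captured from any device). */
static const uint8_t REC_GOOD[] = { 0x01, 0x05, 'h', 'e', 'l', 'l', 'o' };
/* Header claims 40 value bytes: 40 > NAME_MAX, so the vulnerable parser would
 * smash its own stack frame. The value bytes are zero; their content is irrelevant. */
static const uint8_t REC_TOOLONG[HDR_LEN + 40] = { 0x01, 40 };
/* Header claims 10 value bytes but only 3 follow: the vulnerable parser would
 * copy 7 bytes from beyond the record into `out`. */
static const uint8_t REC_TRUNCATED[] = { 0x01, 0x0a, 'a', 'b', 'c' };

static char scratch[64];                /* output buffer shared by the demo */

int main(void)
{
    int rc;

    rc = parse_name_hardened(REC_GOOD, sizeof REC_GOOD, scratch, sizeof scratch);
    printf("well-formed record -> rc=%d name=\"%s\"\n", rc, scratch);

    rc = parse_name_hardened(REC_TOOLONG, sizeof REC_TOOLONG, scratch, sizeof scratch);
    printf("len=40 record      -> rc=%d (rejected: would overflow the stack buffer)\n", rc);

    rc = parse_name_hardened(REC_TRUNCATED, sizeof REC_TRUNCATED, scratch, sizeof scratch);
    printf("truncated record   -> rc=%d (rejected: would read past the record)\n", rc);
    return 0;
}
```

The point of the split checks is that a length field has two consumers: it bounds a write into the destination and a read from the source, and a parser has to validate it against both. Firmware parsers that handle variables, tables or records supplied from a lower-trust context (a prior boot stage, a peripheral, an OS driver) are a common place for one of the two checks to be missing.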
A local attacker with elevated privileges who successfully exploits these flaws could corrupt memory or disclose sensitive information, according to an advisory Lenovo issued on Tuesday. In other words, exploitation presupposes code already running on the device with elevated privileges; the value to an attacker is in what that foothold can reach in firmware, not in gaining initial access.
Lenovo has also patched four additional buffer over-read vulnerabilities in the ThinkPad X13s BIOS that could result in information disclosure. These have been assigned the identifiers CVE-2022-4432, CVE-2022-4433, CVE-2022-4434 and CVE-2022-4435.
ThinkPad X13s users are advised to update the BIOS to version 1.47 (N3HET75W) or later and to confirm afterwards that the installed version reported by the firmware setup screen or the operating system's SMBIOS tooling is at least 1.47. Binarly, a firm specializing in firmware security, is credited with discovering and reporting all nine vulnerabilities.
Qualcomm's January 2023 security bulletin addresses 17 further vulnerabilities, including a critical memory corruption flaw in the Automotive component (CVE-2022-33219, CVSS score: 9.3) due to a buffer overflow.