[Nulled] » Information security » Potentially serious UEFI firmware vulnerabilities in Qualcomm Snapdragon chips affect many devices manufactured by Microsoft
January 16 2023

Potentially serious UEFI firmware vulnerabilities in Qualcomm

web3 16-01-2023, 12:42 Information security 146

Potentially serious UEFI firmware vulnerabilities in Qualcomm Snapdragon chips affect many devices manufactured by Microsoft, Lenovo, Samsung and many other companies.

Qualcomm has announced the availability of fixes for thirteen vulnerabilities, including five connection and download-related bugs discovered by Binarly researchers.

The researchers found a total of nine vulnerabilities when analyzing the firmware of Lenovo Thinkpad X13s laptops based on Qualcomm Snapdragon (SoC).

Further analysis showed that five of them affect the Qualcomm reference code, which means they are present in laptops and other devices using Snapdragon chips.

According to Binarly, Qualcomm vulnerabilities have been confirmed to also affect Microsoft Surface computers based on Arm and Windows Dev Kit 2023 (Project Volterra), as well as Samsung products.

A total of 22 vulnerabilities in the Snapdragon package have been eliminated. 

The most serious flaw is an error related to buffer overflow in Automotive, tracked as CVE-2022-33219 (CVSS score 9.3), as well as two other serious problems.

Among them:
- CVE-2022-33218 (CVSS score 8.2) — the error is related to memory corruption in Automotive due to incorrect input validation,
- CVE-2022-33265 (CVSS score 7.3) — the vulnerability lies in the disclosure of information in the Powerline Communication firmware.

Qualcomm said that fixes for the vulnerabilities discovered by Binarly were available to customers in November 2022.

The company encourages end users to apply updates as soon as they become available from device manufacturers.

Information

Visitors who are in the group Guests they can't download files.
Log in to the site under your login and password or if you are a new user go through the process registrations on the website.

Comments:

This publication has no comments yet. You can be the first!

Information the publication:

  • Author of the publication: web3
  • Date of publication: 16 January 2023 12:42
  • Publication category(s): Information security
  • Number of views of the publication: 146
  • Number of comments to the publication: 0

Related News

16 January 2023
Information security
An equally impressive

An equally impressive update was released by Google as part of the January patch for Android.

Read more
16 January 2023
Information security
Google has announced the

Google has announced the release of Chrome 109 in a stable channel with fixes for 17 vulnerabilities, including 14

Read more
16 January 2023
Information security
Microsoft's January

Microsoft's January PatchTuesday was released with fixes for a record 98 documented software vulnerabilities.

Read more
16 January 2023
Information security
At least 29 security

At least 29 security vulnerabilities have been fixed by Adobe developers in their corporate product line,

Read more
16 January 2023
Information security
The first January ICS

The first January ICS fixes came up with a dozen security recommendations from Siemens and Schneider Electric,

Read more

Information

Users of 🆅🅸🆂🅸🆃🅾🆁 are not allowed to comment this publication.

Site Search

Site Menu


☑ Websites Scripts

Calendar

«    November 2024    »
MonTueWedThuFriSatSun
 123
45678910
11121314151617
18192021222324
252627282930 

Advertisement

Survey on the website

Evaluate the work of the site
 

Statistics

  • +15 Total articles 6747
  • +15 Comments 4077
  • +24 Users : 5843