Security News > 2023 > January > Qualcomm Chipsets and Lenovo BIOS Get Security Updates to Fix Multiple Flaws

Qualcomm Chipsets and Lenovo BIOS Get Security Updates to Fix Multiple Flaws
2023-01-04 10:47

Qualcomm on Tuesday released patches to address multiple security flaws in its chipsets, some of which could be exploited to cause information disclosure and memory corruption.

The five vulnerabilities - tracked from CVE-2022-40516 through CVE-2022-40520 - also impact Lenovo ThinkPad X13s laptops, prompting the Chinese PC maker to issue BIOS updates to plug the security holes.

Successful exploitation of the aforementioned flaws could allow a local adversary with elevated privileges to cause memory corruption or leak sensitive information, Lenovo noted in an alert published Tuesday.

Also remediated by Lenovo are four more buffer over-read vulnerabilities in ThinkPad X13 BIOS that could lead to information disclosure.

ThinkPad X13 users are recommended to update the BIOS to version 1.47 or newer.

Qualcomm's January 2023 security bulletin further closes out 17 other vulnerabilities, including one critical memory corruption bug in the Automotive component arising as a result of a buffer overflow flaw.


News URL

https://thehackernews.com/2023/01/qualcomm-chipsets-and-lenovo-bios-get.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-01-09 CVE-2022-40520 Out-of-bounds Write vulnerability in Qualcomm products
Memory corruption due to stack-based buffer overflow in Core
local
low complexity
qualcomm CWE-787
7.8
7.8
2023-01-09 CVE-2022-40516 Out-of-bounds Write vulnerability in Qualcomm products
Memory corruption in Core due to stack-based buffer overflow.
local
low complexity
qualcomm CWE-787
7.8
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Qualcomm 2227 0 257 1169 514 1940
Lenovo 2278 5 177 158 16 356