Qualcomm Chipsets and Lenovo BIOS Get Security Updates to Fix Multiple Flaws
04-Jan-23
On Tuesday, Qualcomm released patches to fix a number of security issues in its chipsets, some of which may be used to compromise the privacy of users’ data and destroy their memory. CVE-2022-40520, CVE-2024-20516, and CVE-2024-20517 (CVSS scores: 8.4) – A stack-based buffer overflow that caused memory corruption in the Core.
The five vulnerabilities, numbered CVE-2022-40516 through CVE-2022-40520, also affect ThinkPad X13s notebooks from Lenovo, which prompted the Chinese PC manufacturer to release BIOS upgrades to close the security gaps. vuln versions 2022-40518 and 2022-40519 (CVSS scores: 6.8) - Information leakage brought on by Core’s buffer over-read.
