Tech giants Lenovo and Qualcomm have separately released multiple firmware bug fixes around the same time. All users running Qualcomm chipsets on their devices and Lenovo ThinkPad X13 users should ensure updating their systems with the latest firmware releases.
Qualcomm, Lenovo Bug Fixes
Recently, Qualcomm – the American technology firm powering a range of computers and mobile phone devices with their chipsets, and Lenovo – the Chinese tech giant, have rolled out major firmware updates for the users.
Specifically, Qualcomm’s security bulletin suggests patching 20 different vulnerabilities affecting various chipsets. Given the diversified range of products using these chipsets, the affected devices belong to different technology areas, from automotive to Android connectivity, WLAN, powerline communication, and Kernel.
While the bulletin doesn’t include detailed vulnerability descriptions, it lists brief details about the nature of vulnerabilities. Three of these hold critical security ratings, which include,
- CVE-2022-33218 (CVSS rating: High; CVSS score 8.2; Technology: Automotive): Memory corruption vulnerability due to improper input validation
- CVE-2022-33219 (CVSS rating: Critical; CVSS score 9.3; Technology: Automotive): Memory corruption due to integer overflow to buffer overflow while registering a new listener with shared buffer.
- CVE-2022-33265 (CVSS rating: High; CVSS score 7.3; Technology: Powerline Communication Firmware): Memory corruption due to information exposure while sending different MMEs from a single, unassociated device.
Besides, the updates address 17 other high security rating vulnerabilities that Qualcomm has confirmed informing the relevant vendors.
Five of these also affect Lenovo ThinkPad X13 laptops. These include,
- CVE-2022-40516, CVE-2022-40517 (CVSS rating: High; CVSS score 8.4; Technology: Boot): Memory corruption in Core due to stack-based buffer overflow
- CVE-2022-40520 (CVSS rating: High; CVSS score 8.4; Technology: Connectivity): Memory corruption due to a stack-based buffer overflow in Core
- CVE-2022-40518, CVE-2022-40519 (CVSS rating: Medium; CVSS score 6.8; Technology: Boot): Information disclosure due to buffer overread in Core
Alongside these patches, Lenovo has also addressed some other vulnerabilities, according to its advisory for ThinkPad X13s BIOS. The tech giant urges users to upgrade their laptops’ BIOS to version 1.47 (N3HET75W) or newer.
Let us know your thoughts in the comments.