Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that a few other zero-days have come under active exploitation.
Of the 17 flaws, 3 are rated Critical, 13 are rated High, and 1 is rated Medium in severity.
“There are indications from Google Threat Analysis Group and Google Project Zero that CVE-2023-33106, CVE-2023-33107, CVE-2022-22071, and CVE-2023-33063 may be under limited, targeted exploitation,” the semiconductor company said in an advisory.
“Patches for the issues affecting Adreno GPU and Compute DSP drivers have been made available, and OEMs have been notified with a strong recommendation to deploy security updates as soon as possible.”
CVE-2022-22071 (CVSS score: 8.4), described as a use-after-free in Automotive OS Platform, was originally patched by the company as part of its May 2022 updates.
While additional details about the remaining flaws are expected to be made public in December 2023, the disclosure comes the same day Arm shipped patches for a security flaw in the Mali GPU Kernel Driver (CVE-2023-4211) that has also come under limited, targeted exploitation.
Qualcomm’s October 2023 updates also address three critical issues, although there is no evidence that they have been abused in the wild:
- CVE-2023-24855 (CVSS score: 9.8) – Memory corruption in Modem while processing security related configuration before AS Security Exchange.
- CVE-2023-28540 (CVSS score: 9.1) – Cryptographic issue in Data Modem due to improper authentication during TLS handshake.
- CVE-2023-33028 (CVSS score: 9.8) – Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.
Users are encouraged to apply updates from original equipment manufacturers (OEMs) as soon as they become available.
Some parts of this article are sourced from:
thehackernews.com