Thursday, December 7, 2023
HomeCyber SecurityQualcomm Releases Particulars on Chip Vulnerabilities Exploited in Focused Assaults

Qualcomm Releases Particulars on Chip Vulnerabilities Exploited in Focused Assaults


î ‚Dec 06, 2023î „NewsroomVulnerability / Cellular Safety

Chipmaker Qualcomm has launched extra details about three high-severity safety flaws that it stated got here beneath “restricted, focused exploitation” again in October 2023.

The vulnerabilities are as follows –

  • CVE-2023-33063 (CVSS rating: 7.8) – Reminiscence corruption in DSP Companies throughout a distant name from HLOS to DSP.
  • CVE-2023-33106 (CVSS rating: 8.4) – Reminiscence corruption in Graphics whereas submitting a big checklist of sync factors in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.
  • CVE-2023-33107 (CVSS rating: 8.4) – Reminiscence corruption in Graphics Linux whereas assigning shared digital reminiscence area throughout IOCTL name.

Google’s Menace Evaluation Group and Google Mission Zero revealed again in October 2023 that the three flaws, together with CVE-2022-22071 (CVSS rating: 8.4), have been exploited within the wild as a part of restricted, focused assaults.

Cybersecurity

A safety researcher named luckyrb, the Google Android Safety group, and TAG researcher Benoît Sevens and Jann Horn of Google Mission Zero have been credited with reporting the safety vulnerabilities, respectively.

It is presently not recognized how these shortcomings have been weaponized, and who’re behind the assaults.

The event, nevertheless, has prompted the U.S. Cybersecurity and Infrastructure Safety Company (CISA) to add the 4 bugs to its Recognized Exploited Vulnerabilities (KEV) catalog, urging federal companies to use the patches by December 26, 2023.

It additionally follows Google’s announcement that the December 2023 safety updates for Android handle 85 flaws, together with a essential situation within the System element tracked as CVE-2023-40088 that “may result in distant (proximal/adjoining) code execution with no extra execution privileges wanted” and with none consumer interplay.

Discovered this text attention-grabbing? Observe us on Twitter ï‚™ and LinkedIn to learn extra unique content material we publish.





Supply hyperlink

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -
Google search engine

Most Popular

Recent Comments