Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks

Cyber Security

Dec 06, 2023NewsroomVulnerability / Mobile Security

Chipmaker Qualcomm has released more information about three high-severity security flaws that it said came under “limited, targeted exploitation” back in October 2023.

The vulnerabilities are as follows –

  • CVE-2023-33063 (CVSS score: 7.8) – Memory corruption in DSP Services during a remote call from HLOS to DSP.
  • CVE-2023-33106 (CVSS score: 8.4) – Memory corruption in Graphics while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.
  • CVE-2023-33107 (CVSS score: 8.4) – Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.

Google’s Threat Analysis Group and Google Project Zero revealed back in October 2023 that the three flaws, along with CVE-2022-22071 (CVSS score: 8.4), have been exploited in the wild as part of limited, targeted attacks.

Cybersecurity

A security researcher named luckyrb, the Google Android Security team, and TAG researcher Benoît Sevens and Jann Horn of Google Project Zero have been credited with reporting the security vulnerabilities, respectively.

It’s currently not known how these shortcomings have been weaponized, and who are behind the attacks.

The development, however, has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add the four bugs to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to apply the patches by December 26, 2023.

It also follows Google’s announcement that the December 2023 security updates for Android address 85 flaws, including a critical issue in the System component tracked as CVE-2023-40088 that “could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed” and without any user interaction.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Products You May Like

Articles You May Like

Brave Browser Is Bringing its AI Assistant Leo to Android Devices
Samsung Galaxy S24 FE Key Specifications Leaked Online, Tipped to Run on Exynos 2400 SoC
Adobe Announces Project Music GenAI Control, an Experimental AI-Based Music Generation Tool
Tumblr, WordPress Plan to Sell User Data to OpenAI and Midjourney to Train AI Models: Report
Embracer Group to Sell Saber Interactive, Developer of a New ‘Star Wars’ Game Remake, in $500 Million Deal

Leave a Reply

Your email address will not be published. Required fields are marked *