Many devices equipped with Qualcomm Snapdragon chips are currently suffering from security vulnerabilities.
At the top of the list, but not exclusively, we find in particular such affected devices on the side of Lenovo, Microsoft and Samsung. Qualcomm is doing its best to quickly deploy patches to address these many issues.
A coughing dragon
The alert was first raised during the analysis of the firmware Lenovo Thinkpad X13 laptops, equipped with Qualcomm Snapdragon chips. In total, nine flaws were thus detected. After further analysis, it was discovered that five of them were not exclusive to Lenovo.
These were indeed attached to the Qualcomm reference code. Concretely, this means that any device equipped with a Snapdragon chip (using the ARM architecture as a reminder) from the manufacturer can also be subject to these flaws.
Thus, it has been confirmed that said flaws also impact such products at Microsoft and Samsung, among many others. It is therefore in all likelihood a particularly massive security problem.
Patches being rolled out
Two kinds of faults have been established: on the one hand, an overload of the buffer, and on the other, problems of inaccessible readings. Both are closely related to the DXE driver. The risk behind these flaws is the possibility for local hackers with high privileges to exploit the devices for nefarious purposes.
Three of the five identified flaws can indeed lead to the execution of arbitrary code. Potential hackers can bypass secure boot and modify system files at will. In fact, these threats have been given high priority treatment by Qualcomm.
The manufacturer has indeed already deployed several patches in this direction since the alert was launched. As of this writing, he continues to work to eradicate these dangerous and widespread threats. It is therefore imperative for any user of a device equipped with a Snapdragon chip to apply the latest security updates.
Source : Qualcomm
0