"Qualcomm, Lenovo Flag Multiple High Impact Firmware Vulnerabilities"

Qualcomm has disclosed nearly two dozen security flaws in its chipsets, including the company's flagship Snapdragon processor chips, which impact products ranging from cars to powerline communications. Two flaws in automotive and one bug in powerline communication firmware are among the 22 proprietary software issues revealed in Qualcomm's January 2023 security bulletin, all of which are rated high or critical for severity and difficult to patch. Furthermore, there are five other severe vulnerabilities in Unified Extensible Firmware Interface (UEFI) firmware on ARM that threaten the entire ecosystem of ARM-based laptops and other devices. Firmware attacks have grown in popularity in recent years as hackers focus away from user-facing operating systems and toward lower-level embedded code that supports hardware. In December 2022, Eclypsium, a firmware and hardware security company, discovered many significant vulnerabilities in Baseboard Management Controller (BMC) firmware manufactured by American Megatrends (AMI) and employed by many global server manufacturers. The newly disclosed vulnerabilities have downstream effects. Lenovo adopted Qualcomm's chip, and the five flaws Binarly revealed to Qualcomm also impact Lenovo ThinkPad X13s, prompting the company to release BIOS upgrades to close the security gap. This article continues to discuss the disclosure and potential impact of security vulnerabilities found in Qualcomm's chipsets. 

SC Media reports "Qualcomm, Lenovo Flag Multiple High Impact Firmware Vulnerabilities"