Four Zero-Day Vulnerabilities in Qualcomm Chips Put Billions of Users at Risk

05/10/2023

Qualcomm, a global semiconductor giant, recently disclosed four zero-day vulnerabilities in its chips that are used in billions of smartphones and other devices around the world. The vulnerabilities, which have been exploited in limited, targeted attacks, could allow attackers to take control of affected devices or steal sensitive data. This October, Qualcomm addressed 21 vulnerabilities in its security advisories.

Nguy cơ tấn công dữ liệu do sử dụng chip của qualcomm
Qualcomm addressed 21 vulnerabilities in its security advisories

The four vulnerabilities are:

  • CVE-2023-33106: A use-after-free vulnerability in the Adreno GPU driver
  • CVE-2023-33107: A use-after-free vulnerability in the Compute DSP driver
  • CVE-2022-22071: A possible use-after-free vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
  • CVE-2023-33063: A buffer copy without checking the size of input vulnerability in the WLAN firmware

There are indications from Google Threat Analysis Group and Google Project Zero that CVE-2023-33106, CVE-2023-33107, CVE-2022-22071, and CVE-2023-33063 may be under limited, targeted exploitation,” Qualcomm wrote in its security advisory.

5/5 - (1 vote)