Zero-day vulnerabilities top the list of security risks, especially since companies are often unaware of hackers using such bugs. Now, in a recent development, Qualcomm has discovered three zero-day vulnerabilities in its GPU and Compute DSP drivers, which could have been leveraged by threat actors in attacks.
According to Google’s Threat Analysis Group (TAG) and Qualcomm, they discovered 17 vulnerabilities in total, of which thirteen were rated ‘high’ risk, showing potential for low or medium impact on target systems, while one was rated ‘medium’ risk. Qualcomm deemed the remaining three vulnerabilities, CVE-2023-33106, CVE-2023-33107, and CVE-2022-22071, critical, posing a risk of targeted exploitation. While the company has not found evidence of threat actors using the vulnerabilities, it suspects hackers may have used them as spyware.
What do these vulnerabilities affect?
While Qualcomm has refrained from sharing specific details about the vulnerabilities, they involve memory corruption in Qualcomm’s Modem component during the processing of security-related configurations. They also involve memory corruption in the WLAN firmware and a critical cryptographic issue in the Data Modem component during the copying of PMK cache memory without proper size checks.
Qualcomm’s response
In response to the vulnerabilities, Qualcomm has released security updates and notified phone makers, such as Samsung, urging them to deploy these updates as soon as possible. Moreover, the company stated that it plans to provide more information regarding the bugs in the December report.
In other news, ARM also discovered new GPU vulnerabilities yesterday, which allow threat actors to gain access to a user’s memory and use it for installing malware or other malicious payloads.
These incidents once again highlight the growing importance of implementing strict security measures. This includes promptly updating your phone with the latest security patches, monitoring for any apps using excessive battery, and carefully checking all the permissions an app requests.