In total 22 proprietary software vulnerabilities were identified in the firmware, which Qualcomm addressed in its January 2023 security bulletin.
Firmware attacks are increasingly common nowadays as cybercriminals are focusing more on the lower-level embedded code, which supports hardware. Qualcomm’s hardware is the latest target in this regard.
Reportedly, the company was notified about the presence of nearly 2 dozen security vulnerabilities in its flagship chipset suite, Snapdragon.
Vulnerabilities Details
These vulnerabilities were discovered by Binarly AI-powered firmware protection company. In total 22 proprietary software issues were identified in the firmware, which Qualcomm addressed in its January 2023 security bulletin.
These include 2 bugs in automotive tracked as CVE-2022-33218 and CVE-2022-33219 and one bug in powerline communication firmware tracked as CVE-2022-33265. These bugs were rated critical or high severity and their patching was quite complex.
Additionally, five major vulnerabilities in UEFI firmware on ARM were identified and tracked as CVE-2022-40516 to CVE-2022-40520. These vulnerabilities impacted the whole infrastructure of ARM-based devices and laptops.
Binarly discovered two types of vulnerabilities, including out-of-bounds read issued and stack-based buffer overflows. Both were connected to the DXE driver and could be exploited by whoever gained elevated privileges.
The company has released patches for the vulnerabilities in its latest security advisory, including patches for five connectivity and boot issues.
Which Devices are at Risk?
Devices made by Lenovo, Microsoft, and Samsung are at risk due to using Snapdragon chipsets. However, the scope of impact is highly diverse as the vulnerabilities may affect vehicles to powerline communications. For your information, the Snapdragon CPU uses the ARM architecture.
Therefore, apart from Lenovo and other manufacturers, ARM-based Microsoft Surface and Windows Dev Kit 2023/Project Volterra computers were also affected by the vulnerabilities. Some vulnerabilities could lead to arbitrary code execution and be exploited for a Secure Boot bypass, allowing an attacker to gain persistence on a device by gaining privileges to write to the file system.
How the Flaws Were Discovered?
Binarly founder and CEO, Alex Matrosov revealed that they discovered around nine security vulnerabilities while examining the Lenovo Thinkpad X13s firmware powered by the Snapdragon system-on-a-chip.
Further probe revealed that some vulnerabilities were specific to Lenovo devices and five impacted Qualcomm reference codes. This means the vulnerabilities were impacting laptops and all other devices having Snapdragon chips installed.
Matrosov clarified that this was the first time UEFI firmware vulnerabilities connected to the ARM device architecture were disclosed at such a scale. The CEO also noted that the number of affected chipsets is “massive.”
The good news is that Lenovo has addressed the issue and its advisory is available here.
