Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers

I

Ink

Administrator
Thread author
Verified
Jan 8, 2011
22,490
Content source
https://www.bleepingcomputer.com/news/security/qualcomm-says-hackers-exploit-3-zero-days-in-its-gpu-dsp-drivers/
Qualcomm is warning of three zero-day vulnerabilities in its GPU and Compute DSP drivers that hackers are actively exploiting in attacks.

The American semiconductor company was told by Google's Threat Analysis Group (TAG) and Project Zero teams that CVE-2023-33106, CVE-2023-33107, CVE-2022-22071, and CVE-2023-33063 may be under limited, targeted exploitation.
Click to expand...
This month's security bulletin also warns of three other critical vulnerabilities:
  • CVE-2023-24855: Memory corruption in Qualcomm’s Modem component occurring when processing security-related configurations before the AS Security Exchange. (CVSS v3.1: 9.8)
  • CVE-2023-28540: Cryptographic issue in the Data Modem component arising from improper authentication during the TLS handshake. (CVSS v3.1: 9.1)
  • CVE-2023-33028: Memory corruption in the WLAN firmware occurring while copying the pmk cache memory without performing size checks. (CVSS v3.1: 9.8)
Along with the above, Qualcomm has disclosed 13 high-severity flaws and another three critical-severity vulnerabilities discovered by its engineers.

As the CVE-2023-24855, CVE-2023-2854, and CVE-2023-33028 flaws are all remotely exploitable, they are critical from a security standpoint, but there is no indication they are exploited.
Click to expand...
Unfortunately, there isn't a lot impacted consumers can do besides applying the available updates as soon as those reach them through the usual OEM channels.

Flaws in drivers usually require local access to exploit, typically achieved through malware infections, so Android device owners are recommended to limit the number of apps they download and only source them from trustworthy repositories.
Click to expand...
 
  • Like
  • +Reputation
Reactions: Nevi, brambedkar59, Fel Grossi and 3 others
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
Security News D-Link says it is not fixing four RCE flaws in DIR-846W routers
Replies
0
Views
1,777
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • Applause
    • Thanks
Apple emergency updates fix 3 new zero-days exploited in attacks
Replies
0
Views
1,499
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • +Reputation
Security News December Android updates fix critical zero-click RCE flaw
Replies
0
Views
1,628
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top