Today’s Zero Day Brought To You By Qualcomm

Source: Bleeping Computer Today’s Zero Day Brought To You By Qualcomm

It’s A Day Ending In Y, So Of Course There’s Yet Another Cyberattack Or Three

So many to choose from today, just like yesterday and same again tomorrow.  Let’s start your waking nightmares with a zero day that at least has a patch.  The Digital Signal Processor on many Qualcomm chipsets suffers from a flaw which thankfully has been spotted and patched; or can be patched if the manufacturer of your particular product makes one available.  In this case you are looking at DMA handle file descriptors being leveraged to trigger a use after free vulnerability, an attacker just has to feed a PD that matches one already in use.  This particular attack seems to be targeted at specific targets, but that’s no excuse not to try to hunt down a patch.

To make your day better, Qualcomm has also patched a year old WLAN Resource Manager bug that causes memory corruption similar to the attack above.  If that’s not enough, take a look below the fold for even more reasons to spice up your morning coffee.

"Currently, the DSP updates header buffers with unused DMA handle fds. In the put_args section, if any DMA handle FDs are present in the header buffer, the corresponding map is freed," as explained in a DSP kernel commit.

Video News

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.

Leave a reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Podcasts

Archive & Timeline

Previous 12 months
Explore: All The Years!