Today’s Zero Day Brought To You By Qualcomm
It’s A Day Ending In Y, So Of Course There’s Yet Another Cyberattack Or Three
So many to choose from today, just like yesterday and same again tomorrow. Let’s start your waking nightmares with a zero day that at least has a patch. The Digital Signal Processor on many Qualcomm chipsets suffers from a flaw which thankfully has been spotted and patched; or can be patched if the manufacturer of your particular product makes one available. In this case you are looking at DMA handle file descriptors being leveraged to trigger a use after free vulnerability, an attacker just has to feed a PD that matches one already in use. This particular attack seems to be targeted at specific targets, but that’s no excuse not to try to hunt down a patch.
To make your day better, Qualcomm has also patched a year old WLAN Resource Manager bug that causes memory corruption similar to the attack above. If that’s not enough, take a look below the fold for even more reasons to spice up your morning coffee.
"Currently, the DSP updates header buffers with unused DMA handle fds. In the put_args section, if any DMA handle FDs are present in the header buffer, the corresponding map is freed," as explained in a DSP kernel commit.
More Tech News From Around The Web
- Ivanti warns of three more CSA zero-days exploited in attacks @ Bleeping Computer
- American Water shuts down online services after cyberattack @ Bleeping Computer
- Casio reports IT systems failure after weekend network breach @ Bleeping Computer
- Samsung says it’s in “crisis,” apologizes for missing profit target @ Ars Technica
- You’re right not to rush into running AMD, Intel’s new manycore monster CPUs @ The Register
- Global Semiconductor Sales Up 20.6% To Record $53.1 Billion @ Slashdot
- Inflection AI Enterprise offering ditches Nvidia GPUs for Intel’s Gaudi 3 @ The Register
- Report: First wave of M4 Macs, including smaller Mac mini, coming November 1 @ Ars Technica
- New Microsoft Azure NVIDIA GB200 Systems Shown as Two-Thirds Cooling @ ServeTheHome
- Smart TVs Are Like ‘a Digital Trojan Horse’ in People’s Homes @ Ars Technica