Binarly Discloses Multiple Firmware Vulnerabilities in Qualcomm and Lenovo ARM-based Devices
Four of the issues are specific to Lenovo and allow an attacker to gain read access to the privileged boot code through all of these vulnerabilities.
- Four of the issues are specific to Lenovo and allow an attacker to gain read access to the privileged boot code through all of these vulnerabilities.
- Compared to the previous group of vulnerabilities with arbitrary code execution, these vulnerabilities only lead to privileged information disclosure.
- “With this disclosure, we have opened Pandora's box of ARM devices with UEFI firmware vulnerabilities impacting enterprise vendors.
- As far as we know, this is the first major vulnerability disclosure related to UEFI firmware on ARM,” said Binarly chief executive officer Alex Matrosov.