Summary: Qualcomm has issued its March 2025 Security Bulletin, which identifies and addresses several critical vulnerabilities in automotive systems, mobile chipsets, and networking devices. Key issues include potential memory corruption and improper input validation flaws, particularly affecting the QNX operating system and vehicle networks. Users are advised to implement the recommended patches to ensure the security of their devices.
Affected: Qualcomm products, including automotive systems, mobile chipsets, and networking devices
Keypoints :
- Multiple critical vulnerabilities identified in automotive systems impacting the QNX operating system and vehicle networks.
- Notable vulnerabilities include CVE-2024-53012, CVE-2024-53022, CVE-2024-53029, CVE-2024-53030, CVE-2024-53031, CVE-2024-53032, and CVE-2024-53028.
- Vulnerabilities extend to Qualcomm chipsets affecting mobile devices, with specific risks such as denial-of-service and remote code execution.
- Patches are also provided for vulnerabilities in open-source components, impacting systems like Android and multimedia frameworks.
- Qualcomm urges customers and partners to apply patches promptly and check with manufacturers for updates.