Qualcomm patches high-severity zero-day exploited in attacks
Qualcomm patches high-severity zero-day exploited in attacks
cross-posted from: https://infosec.pub/post/18563178
Qualcomm has released security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service that impacts dozens of chipsets. [...]
If only Android was based on mainline Linux! Who am I joking, cost is way more important than security.
Serious question though, can this be exploited via web assembly? Also is Lineage OS shipping patches? I know many devices have been abandoned by the vendors so it is entirely possible this will go unpatched in older devices
Also is Lineage OS shipping patches? I know many devices have been abandoned by the vendors so it is entirely possible this will go unpatched in older devices
This is a vulnerability in a proprietary Qualcomm's DSP. The patch will only be made available to OEMs. LineageOS cannot patch this vulnerability if the device itself is no longer receiving official updates.
how and when is the DSP used, though?
and what kind of code can take advantage of this? apps? javascript in browser apps? or a non-app system process with a specific privilege?