30

Qualcomm patches high-severity zero-day exploited in attacks(www.bleepingcomputer.com)

posted
by
Avatar
ladfrombrad 🇬🇧@lemdro.idM
in
Avatar
android@lemdro.id
4 comments
hidereport

cross-posted from: https://infosec.pub/post/18563178

Qualcomm has released security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service that impacts dozens of chipsets. […]

Sort:
HotTopControversialNewOld
Avatar
Possibly linux@lemmy.zip
6 points

If only Android was based on mainline Linux! Who am I joking, cost is way more important than security.

Serious question though, can this be exploited via web assembly? Also is Lineage OS shipping patches? I know many devices have been abandoned by the vendors so it is entirely possible this will go unpatched in older devices

permalink
report
reply
Avatar
limerod@reddthat.comM
4 points

Also is Lineage OS shipping patches? I know many devices have been abandoned by the vendors so it is entirely possible this will go unpatched in older devices

This is a vulnerability in a proprietary Qualcomm’s DSP. The patch will only be made available to OEMs. LineageOS cannot patch this vulnerability if the device itself is no longer receiving official updates.

permalink
report
parent
reply
Avatar
ReversalHatchery@beehaw.org
1 point

how and when is the DSP used, though?

and what kind of code can take advantage of this? apps? javascript in browser apps? or a non-app system process with a specific privilege?

permalink
report
parent
reply
Avatar
limerod@reddthat.comM
3 points

DSP (Digital Signal Processor) is used anywhere where a digital signal is processed like audio, video, etc. When you play your favourite media its played by your processor’s DSP instead of your CPU saving battery. Speech recognition is another area where DSP is used for this.

Nowadays, it does more than just play media. Including doing AI tasks on a NPU(Neural Processing Unit) like Object recognition, running LLM(Large Language Models) to generate pictures, suggest frequently used apps, etc.

and what kind of code can take advantage of this? apps? javascript in browser apps? or a non-app system process with a specific privilege?

As for code anything that processes signals can be accelerated by it.

User code does not get privileged access to it. JavaScript is sanboxed but system processes in chrome and firefox can use it for media playback.

For accelerated AI tasks on the NPU. It depends if the app developer leverage the specific neural SDK for Qualcomm, mediatek. Or use NNAPI API, or LiteRT

It’s standard on most smartphones like the CPU, GPU. If you want you can ask perplexity.ai for specific info in it.

I have given a short summary. But, there’s lot more you can read if interested.

permalink
report
parent
reply

Android

!android@lemdro.id

Create post

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

🔗Universal Link: !android@lemdro.id

💡Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it’s in violation of the rules.

Support, technical, or app related questions belong in: !askandroid@lemdro.id

For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id

💬Matrix Chat

💬Telegram channels / chats

📰Our communities below

Rules

  1. Stay on topic: All posts should be related to the Android OS or ecosystem.

  2. No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.

  3. Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.

  4. No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.

  5. No reposts or rehosted content: Share only the original source of an article, unless it’s not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.

  6. No editorializing titles: You can add the author or website’s name if helpful, but keep article titles unchanged.

  7. No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.

  8. No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.

  9. No offensive or low-effort content: Don’t post offensive or unhelpful content. Keep it civil and friendly!

  10. No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities
Lemmy App List
Chat and More

Community stats

  • 3.2K

    Monthly active users

  • 2.6K

    Posts

  • 34K

    Comments

Community moderators