Vulnerabilities in Qualcomm, Inc.

2,945 results
Vexday analysis

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2017-9700In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer overwrite is possibleEPSS 0.1%CVE-2017-11019In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the fd allocated during the EPSS 0.1%CVE-2020-11298HIGHWhile waiting for a response to a callback or listener request, non-secure clients can change permissions to shared memory buffers used by HEPSS 0.1%CVE-2018-5853A race condition exists in a driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD AndroiEPSS 0.1%CVE-2017-11085In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an integer overflow leading EPSS 0.1%CVE-2017-11081In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a potential buffer EPSS 0.1%CVE-2017-9710In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, IOCTL interface to send QMI EPSS 0.1%CVE-2017-9721In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the boot loader, a bufferEPSS 0.1%CVE-2017-9719In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the kernel driver MDSS, aEPSS 0.1%CVE-2021-35084MEDIUMPossible out of bound read due to lack of length check of data length for a DIAG event in Snapdragon Auto, Snapdragon Compute, Snapdragon CoEPSS 0.1%CVE-2017-11080In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a user suppEPSS 0.1%CVE-2017-11072In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while calculating CRC for GPEPSS 0.1%CVE-2017-11029In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, camera application triggers EPSS 0.1%CVE-2023-28586MEDIUMImproper Restriction of Operation within the Bounds of a Memory Buffer in TZ Secure OSEPSS 0.1%CVE-2021-1967MEDIUMPossible stack buffer overflow due to lack of check on the maximum number of post NAN discovery attributes while processing a NAN Match evenEPSS 0.1%CVE-2024-23351HIGHImproper Access Control in Graphics LinuxEPSS 0.1%CVE-2020-11220While processing storage SCM commands there is a time of check or time of use window where a pointer used could be invalid at a specific timEPSS 0.1%CVE-2020-11230Potential arbitrary memory corruption when the qseecom driver updates ion physical addresses in the buffer as it exposes a physical address EPSS 0.1%CVE-2017-11026In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing FRP partitionEPSS 0.1%CVE-2021-30279HIGHPossible access control violation while setting current permission for VMIDs due to improper permission masking in Snapdragon Compute, SnapdEPSS 0.1%