Vulnerabilities in Qualcomm, Inc.

2,934 results
Vexday analysis

With 2,934 catalogued CVEs, Qualcomm shows a substantial volume of vulnerabilities, a reflection of the breadth of its chipset and embedded firmware portfolio. The active exploitation rate (12 entries in CISA's KEV catalog, or 0.41% of the total) is in line with the overall catalog average, indicating that the risk of confirmed exploitation does not deviate from the industry norm, although 94 critical-severity flaws represent a relevant attack surface for security teams that depend on Qualcomm components in mobile, automotive, or IoT environments. The most dangerous CVE currently under active exploitation, CVE-2020-11261, has an EPSS of 0.0177, suggesting a relatively low probability of additional exploitation in the short term, but its presence in KEV demands immediate attention in any inventory of affected assets. The emergence of 49 new CVEs in the last 90 days and the availability of public PoCs for 3 vulnerabilities reinforce the need for continuous firmware update cycles and active monitoring of patches released by the vendor.

CVE-2022-25678 | CRITICAL | Buffer Copy Without Checking Size of Input in MODEM | EPSS 0.4%
CVE-2022-25745 | CRITICAL | Always Incorrect Control Flow Implementation in MODEM | EPSS 0.4%
CVE-2022-25740 | CRITICAL | Buffer Copy Without Checking Size of Input in MODEM | EPSS 0.4%
CVE-2017-8241 | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a WLAN function due to an incorrect messa | EPSS 0.4%
CVE-2014-9969 | In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm. | EPSS 0.4%
CVE-2022-33255 | HIGH | Buffer over-read in Bluetooth HOST | EPSS 0.4%
CVE-2017-11090 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observe | EPSS 0.4%
CVE-2017-11093 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer Over-read in Display | EPSS 0.4%
CVE-2017-11058 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially | EPSS 0.4%
CVE-2022-25718 | CRITICAL | Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Snapdragon Connectivity | EPSS 0.4%
CVE-2017-9696 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer over-read is possible | EPSS 0.4%
CVE-2017-9701 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing OEM unlock/ | EPSS 0.4%
CVE-2017-14870 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating the recovery | EPSS 0.4%
CVE-2017-11066 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing ubi image an | EPSS 0.4%
CVE-2017-11031 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the VIDIOC_G_SDE_ROTATOR_FEN | EPSS 0.4%
CVE-2021-35078 | HIGH | Possible memory leak due to improper validation of certificate chain length while parsing server certificate chain in Snapdragon Auto, Snapd | EPSS 0.4%
CVE-2022-25689 | HIGH | Denial of service in Modem due to reachable assertion in Snapdragon Mobile | EPSS 0.4%
CVE-2022-25691 | HIGH | Denial of service in Modem due to reachable assertion while processing SIB1 with invalid SCS and bandwidth settings in Snapdragon Mobile | EPSS 0.4%
CVE-2022-25702 | HIGH | Denial of service in modem due to reachable assertion while processing reconfiguration message in Snapdragon Auto, Snapdragon Compute, Snapd | EPSS 0.4%
CVE-2022-25692 | HIGH | Denial of service in Modem due to reachable assertion while processing the common config procedure in Snapdragon Auto, Snapdragon Compute, S | EPSS 0.4%