Vulnerabilities in Qualcomm, Inc.

2,934 results
Vexday analysis

With 2,934 catalogued CVEs, Qualcomm has a substantial volume of vulnerabilities, a reflection of the breadth of its chipset and embedded firmware portfolio. The active exploitation rate (12 entries in CISA's KEV catalog, or 0.41% of the total) is in line with the catalog's overall average, indicating that the risk of confirmed exploitation does not deviate from the industry norm, although 94 critical-severity flaws represent a relevant attack surface for security teams that depend on Qualcomm components in mobile, automotive, or IoT environments. The most dangerous CVE currently under active exploitation, CVE-2020-11261, has an EPSS of 0.0177, suggesting a relatively low probability of additional exploitation in the short term, but its presence in KEV demands immediate attention in any inventory of affected assets. The appearance of 49 new CVEs in the last 90 days and the availability of public PoCs for 3 vulnerabilities reinforce the need for continuous firmware update cycles and active monitoring of patches released by the vendor.

CVE-2022-25710 [HIGH] Denial of service due to null pointer dereference when GATT is disconnected in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industri (EPSS 0.4%)
CVE-2018-3565 While sending a probe request indication in lim_send_sme_probe_req_ind() in all Android releases from CAF (Android for MSM, Firefox OS for M (EPSS 0.4%)
CVE-2022-25741 [HIGH] Denial of service in WLAN due to potential null pointer dereference while accessing the memory location in Snapdragon Auto, Snapdragon Compu (EPSS 0.4%)
CVE-2022-25742 [HIGH] Denial of service in modem due to infinite loop while parsing IGMPv2 packet from server in Snapdragon Consumer IOT, Snapdragon Industrial IO (EPSS 0.4%)
CVE-2018-3580 Stack-based buffer overflow can occur In the WLAN driver if the pmkid_count value is larger than the PMKIDCache size in all Android releases (EPSS 0.4%)
CVE-2017-8273 In all Qualcomm products with Android release from CAF using the Linux kernel, while processing fastboot boot command when verified boot fea (EPSS 0.4%)
CVE-2024-33064 [HIGH] Buffer Over-read in WLAN Host Communication (EPSS 0.4%)
CVE-2022-33290 [HIGH] Null pointer dereference in Bluetooth HOST (EPSS 0.4%)
CVE-2022-22060 [HIGH] Reachable Assertion in Modem (EPSS 0.4%)
CVE-2023-21661 [HIGH] Buffer Over-read in WLAN Firmware (EPSS 0.4%)
CVE-2022-40538 [HIGH] Reachable assertion in Modem (EPSS 0.4%)
CVE-2022-33237 [HIGH] Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Snapdragon Co (EPSS 0.4%)
CVE-2022-33236 [HIGH] Transient DOS due to buffer over-read in WLAN firmware while parsing cipher suite info attributes. in Snapdragon Compute, Snapdragon Connect (EPSS 0.4%)
CVE-2023-21659 [HIGH] Buffer Over-read in WLAN Firmware (EPSS 0.4%)
CVE-2022-33305 [HIGH] Null pointer dereference in Modem (EPSS 0.4%)
CVE-2022-40504 [HIGH] Reachable assertion in Modem (EPSS 0.4%)
CVE-2022-33286 [HIGH] Buffer over-read in WLAN (EPSS 0.4%)
CVE-2022-33299 [HIGH] Null pointer dereference in Bluetooth HOST (EPSS 0.4%)
CVE-2022-33285 [HIGH] Buffer over-read in WLAN (EPSS 0.4%)
CVE-2022-40508 [HIGH] Reachable assertion in Modem (EPSS 0.4%)