Vulnerabilities in Qualcomm, Inc.

2,934 results
Vexday analysis

With 2,934 cataloged CVEs, Qualcomm shows a substantial volume of vulnerabilities, reflecting the breadth of its chipset and embedded firmware portfolio. The active exploitation rate (12 entries in CISA's KEV catalog, or 0.41% of the total) is in line with the catalog's overall average, indicating that the risk of confirmed exploitation does not deviate from the industry norm, although 94 critical-severity flaws represent a relevant attack surface for security teams that depend on Qualcomm components in mobile, automotive, or IoT environments. The most dangerous CVE currently under active exploitation, CVE-2020-11261, has an EPSS of 0.0177, suggesting a relatively low probability of additional exploitation in the short term, but its presence in KEV demands immediate attention in any inventory of affected assets. The emergence of 49 new CVEs in the last 90 days and the availability of public PoCs for 3 vulnerabilities reinforce the need for continuous firmware update cycles and active monitoring of patches released by the vendor.

CVE-2025-21448 [HIGH] Buffer Over-read in WLAN Firmware [EPSS 0.2%]
CVE-2018-11847 Malicious TA can tag QSEE kernel memory and map to EL0, thereby corrupting the physical memory as well it can be used to corrupt the QSEE k [EPSS 0.2%]
CVE-2025-21434 [HIGH] Buffer Over-read in WLAN Host [EPSS 0.2%]
CVE-2018-11877 When the buffer length passed is very large in WLAN, bounds check could be bypassed leading to potential buffer overwrite in Snapdragon Mobi [EPSS 0.2%]
CVE-2018-11879 When the buffer length passed is very large, bounds check could be bypassed leading to potential buffer overwrite in Snapdragon Mobile in ve [EPSS 0.2%]
CVE-2018-5866 While processing logs, data is copied into a buffer pointed to by an untrusted pointer in Snapdragon Mobile, Snapdragon Wear in version MDM9 [EPSS 0.2%]
CVE-2018-5880 Improper data length check while processing an event report indication can lead to a buffer overflow in snapdragon mobile and snapdragon wea [EPSS 0.2%]
CVE-2018-5912 Potential buffer overflow in Video due to lack of input validation in input and output values in Snapdragon Automobile, Snapdragon Mobile in [EPSS 0.2%]
CVE-2019-13994 Lack of check that the current received data fragment size of a particular packet that are read from shared memory are less than the actua [EPSS 0.2%]
CVE-2018-11873 Improper input validation leads to buffer overwrite in the WLAN function that handles WLAN roam buffer in Snapdragon Mobile in version SD 84 [EPSS 0.2%]
CVE-2018-11870 Buffer overwrite can occur when the legacy rates count received from the host is not checked against the maximum number of legacy rates in S [EPSS 0.2%]
CVE-2018-11922 [HIGH] Configurations in Android Build [EPSS 0.2%]
CVE-2018-11871 Buffer overwrite can happen in WLAN function while processing set pdev parameter command due to lack of input validation in Snapdragon Autom [EPSS 0.2%]
CVE-2020-3656 Out of bound access can happen in MHI command process due to lack of check of command channel id value received from MHI devices in Snapdrag [EPSS 0.2%]
CVE-2020-11124 Possible use-after-free while accessing diag client map table since list can be reallocated due to exceeding max client limit. in Snapdra [EPSS 0.2%]
CVE-2020-3616 Buffer overflow in display function due to memory copy without checking length of size using strcpy function in Snapdragon Auto, Snapdragon [EPSS 0.2%]
CVE-2018-13918 kernel could return a received message length higher than expected, which leads to buffer overflow in a subsequent operation and stops norma [EPSS 0.2%]
CVE-2021-30348 [MEDIUM] Improper validation of LLM utility timers availability can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Conn [EPSS 0.2%]
CVE-2017-18155 While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A [EPSS 0.2%]
CVE-2025-21428 [HIGH] Buffer Over-read in WLAN Host [EPSS 0.2%]