Vulnerabilities in Qualcomm, Inc.

2,934 results
Vexday analysis

With 2,934 catalogued CVEs, Qualcomm has a substantial volume of vulnerabilities, reflecting the breadth of its chipset and embedded firmware portfolio. The active exploitation rate (12 entries in the CISA KEV catalog, or 0.41% of the total) is in line with the overall catalog average, indicating that the risk of confirmed exploitation does not deviate from the industry norm, although 94 critical-severity flaws represent a relevant attack surface for security teams that depend on Qualcomm components in mobile, automotive, or IoT environments. The most dangerous CVE currently under active exploitation, CVE-2020-11261, has an EPSS of 0.0177, suggesting a relatively low probability of additional exploitation in the short term, but its presence in the KEV demands immediate attention in any inventory of affected assets. The emergence of 49 new CVEs in the last 90 days and the availability of public PoCs for 3 vulnerabilities reinforce the need for continuous firmware update cycles and active monitoring of patches released by the vendor.

CVE-2024-53021 | HIGH | Buffer Over-read in Data Network Stack & Connectivity | EPSS 0.2%
CVE-2020-11242 | HIGH | User could gain access to secure memory due to incorrect argument into address range validation api used in SDI to capture requested content | EPSS 0.2%
CVE-2019-14029 | Use-after-free in graphics module due to destroying already queued syncobj in error case in Snapdragon Auto, Snapdragon Compute, Snapdragon | EPSS 0.2%
CVE-2019-14030 | The size of a buffer is determined by addition and multiplications operations that have the potential to overflow due to lack of bound check | EPSS 0.2%
CVE-2019-10604 | Possibility of heap-buffer-overflow during last iteration of loop while populating image version information in diag command response packet | EPSS 0.2%
CVE-2019-10537 | Improper validation of event buffer extracted from FW response can lead to integer overflow, which will allow to pass the length check and e | EPSS 0.2%
CVE-2019-14023 | String format issue will occur while processing HLOS data as there is no user input validation to ensure inputs are properly NULL terminated | EPSS 0.2%
CVE-2019-14060 | Uninitialized stack data gets used If memory is not allocated for blob or if the allocated blob is less than the struct size required due to | EPSS 0.2%
CVE-2019-10602 | Potential use-after-free heap error during Validate/Present calls on display HW composer in Snapdragon Auto, Snapdragon Compute, Snapdragon | EPSS 0.2%
CVE-2019-14046 | Out of bound access while allocating memory for an array in camera due to improper validation of elements parameters in Snapdragon Auto, Sna | EPSS 0.2%
CVE-2018-11262 | In Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel while trying to find out t | EPSS 0.2%
CVE-2019-14024 | Possible stack-use-after-scope issue in NFC usecase for card emulation in Snapdragon Auto, Snapdragon Industrial IOT, Snapdragon Mobile in M | EPSS 0.2%
CVE-2019-14085 | Possible Integer underflow in WLAN function due to lack of check of data received from user side in Snapdragon Auto, Snapdragon Compute, Sna | EPSS 0.2%
CVE-2019-10606 | Out-of-bound access will occur in USB driver due to lack of check to validate the frame size passed by user in Snapdragon Auto, Snapdragon C | EPSS 0.2%
CVE-2019-14068 | Out of bound access in msm routing due to lack of check of size before accessing in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer | EPSS 0.2%
CVE-2024-53019 | HIGH | Buffer Over-read in Data Network Stack & Connectivity | EPSS 0.2%
CVE-2025-21427 | HIGH | Buffer Over-read in Data HLOS - LNX | EPSS 0.2%
CVE-2018-11895 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check Validation | EPSS 0.2%
CVE-2019-2315 | While invoking the API to copy from fd or local buffer to the secure buffer, Parameters being populated are from non secure environment. in | EPSS 0.2%
CVE-2019-14049 | Stage-2 fault will occur while writing to an ION system allocation which has been assigned to non-HLOS memory which is non-standard in Snapd | EPSS 0.2%