Vulnerabilities in Qualcomm, Inc.

2,934 results
Vexday analysis

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2021-1924CRITICALInformation disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute, EPSS 0.2%CVE-2018-3571In the KGSL driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a Use After FEPSS 0.2%CVE-2017-15842Buffer might get used after it gets freed due to unlocking the mutex before freeing the buffer in all Android releases from CAF (Android forEPSS 0.2%CVE-2020-11260An improper free of uninitialized memory can occur in DIAG services in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon MobileEPSS 0.2%CVE-2025-47392HIGHInteger Overflow or Wraparound in GPSEPSS 0.2%CVE-2018-3576improper validation of array index in WiFi driver function sapInterferenceRssiCount() leads to array out-of-bounds access in all Android relEPSS 0.2%CVE-2018-3581In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overEPSS 0.2%CVE-2018-5844In the video driver function set_output_buffers(), binfo can be accessed after being freed in a failure scenario in all Android releases froEPSS 0.2%CVE-2018-5847Early or late retirement of rotation requests can result in a Use After Free condition in all Android releases from CAF (Android for MSM, FiEPSS 0.2%CVE-2018-3572While processing a DSP buffer in an audio driver's event handler, an index of a buffer is not checked before accessing the buffer in all AndEPSS 0.2%CVE-2024-33060HIGHUse After Free in DSP ServiceEPSS 0.2%CVE-2017-18070In wma_ndp_end_response_event_handler(), the variable len_end_rsp is a uint32 which can be overflowed if the value of variable "event->num_nEPSS 0.2%CVE-2018-5896In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-0EPSS 0.2%CVE-2017-15854The value of fix_param->num_chans is received from firmware and if it is too large, an integer overflow can occur in wma_radio_chan_stats_evEPSS 0.2%CVE-2018-3582Buffer overflow can occur due to improper input validation in multiple WMA event handler functions in all Android releases from CAF (AndroidEPSS 0.2%CVE-2021-1959HIGHPossible memory corruption due to lack of bound check of input index in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, SnapdrEPSS 0.2%CVE-2018-5854A stack-based buffer overflow can occur in fastboot from all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF usiEPSS 0.2%CVE-2021-30295HIGHPossible heap overflow due to improper validation of local variable while storing current task information locally in Snapdragon Auto, SnapdEPSS 0.2%CVE-2018-11304Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overfloEPSS 0.2%CVE-2021-1915HIGHBuffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute, SnapdragoEPSS 0.2%