Vulnerabilities in Qualcomm, Inc.

2934 results
Vexday Analysis

With 2,934 catalogued CVEs, Qualcomm has a large volume of vulnerabilities, a reflection of the breadth of its chipset and embedded firmware portfolio. The active exploitation rate (12 entries in CISA's KEV catalog, or 0.41% of the total) is in line with the overall catalog average, indicating that the risk of confirmed exploitation does not deviate from the industry norm, although 94 critical-severity flaws represent a relevant attack surface for security teams that depend on Qualcomm components in mobile, automotive or IoT environments. The most dangerous CVE currently under active exploitation, CVE-2020-11261, has an EPSS of 0.0177, suggesting a relatively low probability of further exploitation in the short term, but its presence in KEV demands immediate attention in any inventory of affected assets. The appearance of 49 new CVEs in the last 90 days and the availability of public PoCs for 3 vulnerabilities reinforce the need for continuous firmware update cycles and active monitoring of patches released by the vendor.

CVE-2017-14897: In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while handling the QSEOS_RPM [EPSS 0.2%]
CVE-2021-35070 (MEDIUM): RPM secure Stream can access any secure resource due to improper SMMU configuration and can lead to information disclosure in Snapdragon Ind [EPSS 0.2%]
CVE-2017-9716: In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the qbt1000 driver implement [EPSS 0.2%]
CVE-2021-30338 (HIGH): Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Compute [EPSS 0.2%]
CVE-2019-10562: Improper authentication and signature verification of debug polices in secure boot loader will allow unverified debug policies to be loade [EPSS 0.2%]
CVE-2018-11951: Improper access control in core module lead XBL_LOADER performs the ZI region clear for QTEE instead of XBL_SEC in Snapdragon Mobile in vers [EPSS 0.2%]
CVE-2021-30289 (HIGH): Possible buffer overflow due to lack of range check while processing a DIAG command for COEX management in Snapdragon Auto, Snapdragon Compu [EPSS 0.2%]
CVE-2020-11286: An Untrusted Pointer Dereference can occur while doing USB control transfers, if multiple requests of different standard request categories [EPSS 0.2%]
CVE-2021-35110 (HIGH): Possible buffer overflow to improper validation of hash segment of file while allocating memory in Snapdragon Connectivity, Snapdragon Mobil [EPSS 0.2%]
CVE-2018-5857: In the WCD CPE codec, a Use After Free condition can occur in all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CA [EPSS 0.2%]
CVE-2023-33017 (HIGH): Buffer Copy Without Checking Size of Input in Boot [EPSS 0.2%]
CVE-2021-1983 (HIGH): Possible buffer overflow due to improper handling of negative data length while processing write request in VR service in Snapdragon Auto, S [EPSS 0.2%]
CVE-2021-30288 (HIGH): Possible stack overflow due to improper length check of TLV while copying the TLV to a local stack variable in Snapdragon Auto, Snapdragon C [EPSS 0.2%]
CVE-2023-28587 (HIGH): Improper Restriction of Operations within the Bounds of a Memory Buffer in BT Controller [EPSS 0.2%]
CVE-2023-33087 (HIGH): Buffer Copy without Checking Size of Input (`Classic Buffer Overflow`) in Core [EPSS 0.2%]
CVE-2021-30261 (HIGH): Possible integer and heap overflow due to lack of input command size validation while handling beacon template update command from HLOS in S [EPSS 0.2%]
CVE-2021-30303 (HIGH): Possible buffer overflow due to lack of buffer length check when segmented WMI command is received in Snapdragon Auto, Snapdragon Compute, S [EPSS 0.2%]
CVE-2023-33079 (HIGH): Use of Out-of-range Pointer Offset in Audio [EPSS 0.2%]
CVE-2021-30311 (HIGH): Possible heap overflow due to lack of index validation before allocating and writing to heap buffer in Snapdragon Auto, Snapdragon Compute, [EPSS 0.2%]
CVE-2022-22090 (HIGH): Memory corruption in audio due to use after free while managing buffers from internal cache in Snapdragon Compute, Snapdragon Connectivity, [EPSS 0.2%]