Vulnerabilidades en Qualcomm, Inc.

2934 resultados
Análisis Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2021-1962MEDIUMBuffer Overflow while processing IOCTL for getting peripheral endpoint information there is no proper validation for input maximum endpoint EPSS 0.2%CVE-2017-9705In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, concurrent rx notifications EPSS 0.2%CVE-2021-35094HIGHImproper verification of timeout-based authentication in identity credential can lead to invalid authorization in HLOS in Snapdragon Auto, SEPSS 0.2%CVE-2022-22058HIGHMemory corruption due to use after free issue in kernel while processing ION handles in Snapdragon Auto, Snapdragon Compute, Snapdragon ConnEPSS 0.2%CVE-2017-9704In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, There is no synchronization betweEPSS 0.2%CVE-2020-11147Use after free issue in audio modules while removing and freeing objects during list iteration due to incorrect usage of macro in SnapdragonEPSS 0.2%CVE-2020-11231MEDIUMTwo threads call one or both functions concurrently leading to corruption of pointers and reference counters which in turn can lead to heap EPSS 0.2%CVE-2021-30271HIGHPossible null pointer dereference in trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto, SnapdragonEPSS 0.2%CVE-2021-30269HIGHPossible null pointer dereference due to lack of TLB validation for user provided address in Snapdragon Auto, Snapdragon Compute, SnapdragonEPSS 0.2%CVE-2018-5863If userspace provides a too-large WPA RSN IE length in wlan_hdd_cfg80211_set_ie(), a buffer overflow occurs in all Android releases(Android EPSS 0.2%CVE-2021-1950HIGHImproper cleaning of secure memory between authenticated users can lead to face authentication bypass in Snapdragon Auto, Snapdragon ComputeEPSS 0.2%CVE-2017-15845In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an invalid input of firmwareEPSS 0.2%CVE-2018-13893In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Out of bound mask range access caEPSS 0.2%CVE-2021-30254HIGHPossible buffer overflow due to improper input validation in factory calibration and test DIAG command in Snapdragon Auto, Snapdragon ComputEPSS 0.2%CVE-2021-30270HIGHPossible null pointer dereference in thread profile trap handler due to lack of thread ID validation before dereferencing it in Snapdragon AEPSS 0.2%CVE-2017-15848In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the fastrpc kernel driverEPSS 0.2%CVE-2021-30255HIGHPossible buffer overflow due to improper input validation in PDM DIAG command in FTM in Snapdragon Auto, Snapdragon Compute, Snapdragon ConnEPSS 0.2%CVE-2021-30272HIGHPossible null pointer dereference in thread cache operation handler due to lack of validation of user provided input in Snapdragon Auto, SnaEPSS 0.2%CVE-2021-1979HIGHPossible buffer overflow due to improper validation of FTM command payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, EPSS 0.2%CVE-2021-1963MEDIUMPossible use-after-free due to lack of validation for the rule count in filter table in IPA driver in Snapdragon Auto, Snapdragon Compute, SEPSS 0.1%