Vulnerabilidades en Qualcomm, Inc.

2934 resultados
Análisis Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2017-13218Access to CNTVCT_EL0 in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear could be used for side channel attacks EPSS 0.2%CVE-2018-11865Integer overflow may happen when calculating an internal structure size due to lack of validation of the input length in Snapdragon Mobile, EPSS 0.2%CVE-2018-11288Possible undefined behavior due to lack of size check in function for parameter segment_idx can lead to a read outside of the intended regioEPSS 0.2%CVE-2019-2281An unauthenticated bitmap image can be loaded in to memory and subsequently cause execution of unverified code. in Snapdragon Compute, SnapdEPSS 0.2%CVE-2018-11866Integer overflow may happen in WLAN when calculating an internal structure size due to lack of validation of the input length in Snapdragon EPSS 0.2%CVE-2017-18327Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile, snapdragon mobile and snapdragon wear iEPSS 0.2%CVE-2024-45552HIGHBuffer Over-read in Data Network Stack & ConnectivityEPSS 0.2%CVE-2017-18332Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile, snapdragon mobile and snapdragon wear iEPSS 0.2%CVE-2024-38404HIGHBuffer Over-read in Multi Mode Call ProcessorEPSS 0.2%CVE-2024-49846HIGHBuffer Over-read in Multi-Mode Call ProcessorEPSS 0.2%CVE-2018-13888There is potential for memory corruption in the RIL daemon due to de reference of memory outside the allocated array length in RIL in SnapdrEPSS 0.2%CVE-2018-11864Bytes can be written to fuses from Secure region which can be read later by HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon ConnectiEPSS 0.2%CVE-2018-5883Buffer overflow in WLAN driver event handlers due to improper validation of array index in Snapdragon Auto, Snapdragon Consumer IOT, SnapdraEPSS 0.2%CVE-2018-11845Usage of non-time-constant comparison functions can lead to information leakage through side channel analysis in Snapdragon Auto, SnapdragonEPSS 0.2%CVE-2018-11820Use of non-time constant memcmp function creates side channel that leaks information and leads to cryptographic issues in Snapdragon Auto, SEPSS 0.2%CVE-2018-11847Malicious TA can tag QSEE kernel memory and map to EL0, there by corrupting the physical memory as well it can be used to corrupt the QSEE kEPSS 0.2%CVE-2025-21434HIGHBuffer Over-read in WLAN HostEPSS 0.2%CVE-2025-21430HIGHBuffer Over-read in WLAN HostEPSS 0.2%CVE-2025-21429HIGHBuffer Over-read in WLAN HostEPSS 0.2%CVE-2025-21435HIGHBuffer Over-read in WLAN Host CommunicationEPSS 0.2%