Vulnerabilidades en Qualcomm, Inc.

2934 resultados
Análisis Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2018-5830While processing the HTT_T2H_MSG_TYPE_MGMT_TX_COMPL_IND message, a buffer overflow can potentially occur in Android releases from CAF using EPSS 0.2%CVE-2019-2235Buffer overflow occurs when emulated RPMB is used due to sector size assumptions in the TA rollback protection logic. in Snapdragon Auto, SnEPSS 0.2%CVE-2023-43537MEDIUMBuffer Over-read in WLAN HostEPSS 0.2%CVE-2020-3611u'XBL SEC clears only ZI region when loading Qualcomm-signed segments can lead to improper access issue' in Snapdragon Compute, Snapdragon CEPSS 0.2%CVE-2018-5918Possible buffer overflow in DRM Trusted application due to lack of check function return values in Snapdragon Automobile, Snapdragon Mobile EPSS 0.2%CVE-2024-21466MEDIUMInteger Underflow (Wrap or Wraparound) in WLAN Host CommunicationEPSS 0.2%CVE-2024-21457MEDIUMBuffer Over-read in WLAN Host CommunicationEPSS 0.2%CVE-2024-21458MEDIUMBuffer Over-read in WLAN HOSTEPSS 0.2%CVE-2023-21643CRITICALUntrusted Pointer Dereference in AutomotiveEPSS 0.2%CVE-2018-11289Data truncation during higher to lower type conversion which causes less memory allocation than desired can lead to a buffer overflow in SnaEPSS 0.2%CVE-2018-13914Lack of input validation for data received from user space can lead to an out of bound array issue in Snapdragon Auto, Snapdragon Consumer IEPSS 0.2%CVE-2020-11305Integer overflow in boot due to improper length check on arguments received in Snapdragon Consumer IOT, Snapdragon Industrial IOT, SnapdragoEPSS 0.2%CVE-2020-3629u'Stack out of bound issue occurs when making query to DSP capabilities due to wrong assumption was made on determining the buffer size for EPSS 0.2%CVE-2020-3666u'Out of bounds memory access during memory copy while processing Host command' in Snapdragon Auto, Snapdragon Compute, Snapdragon ConnectivEPSS 0.2%CVE-2020-3644u'Information disclosure issue occurs as in current logic Secure Touch session is released without terminating display session' in SnapdragoEPSS 0.2%CVE-2018-11878In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possibility of invalid memory acEPSS 0.2%CVE-2018-11948Exceeding the limit of usage entries are not tracked and the information will be lost causing the content to lose continuity in Snapdragon AEPSS 0.2%CVE-2019-14047While IPA driver processes route add rule IOCTL, there is no input validation of the rule ID prior to adding the rule to the IPA HW commit lEPSS 0.2%CVE-2018-13920Use-after-free condition due to Improper handling of hrtimers when the PMU driver tries to access its events in Snapdragon Auto, Snapdragon EPSS 0.2%CVE-2018-5884Improper Access Control in Multimedia in Snapdragon Mobile and Snapdragon Wear, Non-standard applications without permission may acquire perEPSS 0.2%