Vulnerabilidades en Qualcomm, Inc.

2934 resultados
Análisis Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2019-2326Data token is received from ADSP and is used without validation as an index into the array leads to out of bound access in Snapdragon Auto, EPSS 0.2%CVE-2019-2308User application could potentially make RPC call to the fastrpc driver and the driver will allow the message to go through to the remote subEPSS 0.2%CVE-2019-10628u'Memory can be potentially corrupted if random index is allowed to manipulate TLB entries in Kernel from user library' in Snapdragon Auto, EPSS 0.2%CVE-2018-5884Improper Access Control in Multimedia in Snapdragon Mobile and Snapdragon Wear, Non-standard applications without permission may acquire perEPSS 0.2%CVE-2025-27057HIGHBuffer Over-read in WLAN HostEPSS 0.2%CVE-2018-13920Use-after-free condition due to Improper handling of hrtimers when the PMU driver tries to access its events in Snapdragon Auto, Snapdragon EPSS 0.2%CVE-2019-10629u'User Process can potentially corrupt kernel virtual page by passing a crafted page in API' in Snapdragon Auto, Snapdragon Compute, SnapdraEPSS 0.2%CVE-2018-13919Use-after-free vulnerability will occur if reset of the routing table encounters an invalid rule id while processing command to reset in SnaEPSS 0.2%CVE-2018-13899Processing messages after error may result in user after free memory fault in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, EPSS 0.2%CVE-2018-11927Improper input validation on input which is used as an array index will lead to an out of bounds issue while processing AP find event from fEPSS 0.2%CVE-2020-3646u'Buffer overflow seen as the destination buffer size is lesser than the source buffer size in video application' in Snapdragon Compute, SnaEPSS 0.2%CVE-2018-11967Signature verification of the skel library could potentially be disabled as the memory region on the remote subsystem in which the library iEPSS 0.2%CVE-2019-14065u'Pointer double free in HavenSvc due to not setting the pointer to NULL after freeing it' in Snapdragon Auto, Snapdragon Compute, SnapdragoEPSS 0.2%CVE-2020-3618NULL exception due to accessing bad pointer while posting events on RT FIFO in Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired InfraEPSS 0.2%CVE-2018-3583A buffer overflow can occur while processing an extscan hotlist event in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, SnapEPSS 0.2%CVE-2017-18324Cryptographic key material leaked in debug messages - GERAN in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, EPSS 0.2%CVE-2020-3638u'An Unaligned address or size can propagate to the database due to improper page permissions and can lead to improper access control' in SnEPSS 0.2%CVE-2018-13896XBL_SEC image authentication and other crypto related validations are accessible to a compromised OEM XBL Loader due to missing lock at XBL_EPSS 0.2%CVE-2017-11004A non-secure user may be able to access certain registers in snapdragon automobile, snapdragon mobile and snapdragon wear in versions IPQ807EPSS 0.2%CVE-2017-18326Cryptographic keys are printed in modem debug messages in snapdragon mobile and snapdragon wear in versions MDM9607, MDM9615, MDM9625, MDM96EPSS 0.2%