Vulnerabilidades en Qualcomm, Inc.

2934 resultados
Análisis Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2018-11860In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a potential buffer over flow couEPSS 0.2%CVE-2018-11897In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing diag event afteEPSS 0.2%CVE-2019-10481Out of bound access occurs while handling the WMI FW event due to lack of check of buffer argument which comes directly from the WLAN FW in EPSS 0.2%CVE-2020-11234HIGHWhen sending a socket event message to a user application, invalid information will be passed if socket is freed by other thread resulting iEPSS 0.2%CVE-2018-11902In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check EPSS 0.2%CVE-2024-53020HIGHBuffer Over-read in Data Network Stack & ConnectivityEPSS 0.2%CVE-2019-10583Use after free issue occurs when camera access sensors data through direct report mode in Snapdragon Auto, Snapdragon Compute, Snapdragon CoEPSS 0.2%CVE-2019-10558While transferring data from APPS to DSP, Out of bound in FastRPC HLOS Driver due to the data buffer which can be controlled by DSP in SnapdEPSS 0.2%CVE-2019-14034Use after free while processing eeprom query as there is a chance to not unlock mutex after error occurs in Snapdragon Auto, Snapdragon CompEPSS 0.2%CVE-2019-2246Thread start can cause invalid memory writes to arbitrary memory location since the argument is passed by user to kernel in Snapdragon Auto,EPSS 0.2%CVE-2018-11298In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing SET_PASSPOINT_LEPSS 0.2%CVE-2020-11245HIGHUnintended reads and writes by NS EL2 in access control driver due to lack of check of input validation in Snapdragon Auto, Snapdragon CompuEPSS 0.2%CVE-2020-11237HIGHMemory crash when accessing histogram type KPI input received due to lack of check of histogram definition before accessing it in SnapdragonEPSS 0.2%CVE-2019-2321Incorrect length used while validating the qsee log buffer sent from HLOS which could then lead to remap conflict in Snapdragon Auto, SnapdrEPSS 0.2%CVE-2018-11851In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on input received EPSS 0.2%CVE-2019-14032Memory use after free issue in audio due to lack of resource control in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, SnapdrEPSS 0.2%CVE-2019-14000Lack of check that the RX FIFO write index that is read from shared RAM is less than the FIFO size results into memory corruption and potentEPSS 0.2%CVE-2018-11265In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possible buffer overflow while iEPSS 0.2%CVE-2018-11838Possible double free issue in WLAN due to lack of checking memory free condition. in Snapdragon Auto, Snapdragon Compute, Snapdragon ConsumeEPSS 0.2%CVE-2020-11246HIGHA double free condition can occur when the device moves to suspend mode during secure playback in Snapdragon Auto, Snapdragon Compute, SnapdEPSS 0.2%