Vulnerabilidades en Qualcomm, Inc.

2934 resultados
Análisis Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2018-5827In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security pEPSS 0.2%CVE-2019-14130Memory corruption can occurs in trusted application if offset size from HLOS is more than actual mapped buffer size in Snapdragon Auto, SnapEPSS 0.2%CVE-2019-14037Close and bind operations done on a socket can lead to a Use-After-Free condition. in Snapdragon Auto, Snapdragon Compute, Snapdragon ConnecEPSS 0.2%CVE-2019-14099Device misbehavior may be observed when incorrect offset, length or number of buffers is passed by user space in Snapdragon Auto, SnapdragonEPSS 0.2%CVE-2019-14093Array out of bound access can occur in display module due to lack of bound check on input parcel received in Snapdragon Auto, Snapdragon ConEPSS 0.2%CVE-2019-10580When kernel thread unregistered listener, Use after free issue happened as the listener client`s private data has been already freed in SnapEPSS 0.2%CVE-2019-14124Memory failure in content protection module due to not having pointer within the scope in Snapdragon Auto, Snapdragon Compute, Snapdragon MoEPSS 0.2%CVE-2021-1931MEDIUMPossible buffer overflow due to improper validation of buffer length while processing fast boot commands in Snapdragon Auto, Snapdragon CompEPSS 0.2%CVE-2018-3569A buffer over-read can occur during a fast initial link setup (FILS) connection in Android releases from CAF using the linux kernel (AndroidEPSS 0.2%CVE-2019-14100Register write via debugfs is disabled by default to prevent register writing via debugfs. in Snapdragon Auto, Snapdragon Compute, SnapdragoEPSS 0.2%CVE-2020-11127u'Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of secuEPSS 0.2%CVE-2020-11205u'Possible integer overflow to heap overflow while processing command due to lack of check of packet length received' in Snapdragon Auto, SnEPSS 0.2%CVE-2018-11819Use after issue in WLAN function due to multiple ACS scan requests at a time in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon IndustrEPSS 0.2%CVE-2019-2247Possibility of double free issue while running multiple instances of smp2p test because of proper protection is missing while using global vEPSS 0.2%CVE-2025-21446HIGHBuffer Over-read in WLAN FirmwareEPSS 0.2%CVE-2018-11934Possible out of bounds write due to improper input validation while processing DO_ACS vendor command in Snapdragon Auto, Snapdragon ConsumerEPSS 0.2%CVE-2019-2292Out of bound access can occur due to buffer copy without checking size of input received from WLAN firmware in Snapdragon Auto, Snapdragon CEPSS 0.2%CVE-2019-2301Possibility of out-of-bound read if id received from SPI is not in range of FIFO in Snapdragon Auto, Snapdragon Compute, Snapdragon ConsumerEPSS 0.2%CVE-2019-14123Possible buffer overflow and over read possible due to missing bounds checks for fixed limits if we consider widevine HLOS client as non-truEPSS 0.2%CVE-2025-21449HIGHBuffer Over-read in WLAN Embedded SWEPSS 0.2%