Vulnerabilidades en Qualcomm, Inc.

2934 resultados
Análisis Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2019-10506While processing QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY vendor command, driver does not validate the data obtained from the user space whEPSS 0.2%CVE-2019-10524Lack of check for a negative value returned for get_clk is wrongly interpreted as valid pointer and lead to use after free in clk driver in EPSS 0.2%CVE-2017-9693The length of attribute value for STA_EXT_CAPABILITY in __wlan_hdd_change_station in Android for MSM, Firefox OS for MSM, and QRD Android beEPSS 0.2%CVE-2019-10507Lack of check of extscan change results received from firmware can lead to an out of buffer read in Snapdragon Auto, Snapdragon Consumer EleEPSS 0.2%CVE-2019-10508Lack of input validation for data received from user space can lead to OOB access in WLAN in Snapdragon Auto, Snapdragon Consumer ElectronicEPSS 0.2%CVE-2018-11270In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated with devm_kzallEPSS 0.2%CVE-2018-11827In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper validation of array indEPSS 0.2%CVE-2018-11942Failure to initialize the reserved memory which is sent to the firmware might lead to exposure of 1 byte of uninitialized kernel SKB memory EPSS 0.2%CVE-2018-11295In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WMA handler carries a fixed evenEPSS 0.2%CVE-2019-10491ADSP can be compromised since it`s a general-purpose CPU processing untrusted data in Snapdragon Auto, Snapdragon Compute, Snapdragon ConsumEPSS 0.2%CVE-2019-10496Lack of checking a variable received from driver and populating in Firmware data structure leads to buffer overflow in Snapdragon Auto, SnapEPSS 0.2%CVE-2019-2333Buffer overflow due to improper validation of buffer size while IPA driver processing to perform read operation in Snapdragon Auto, SnapdragEPSS 0.2%CVE-2019-10530Lack of check of data truncation on user supplied data in kernel leads to buffer overflow in Snapdragon Auto, Snapdragon Consumer IOT, SnapdEPSS 0.2%CVE-2020-3643u'Information disclosure issue can occur due to partial secure display-touch session tear-down' in Snapdragon Auto, Snapdragon Compute, SnapEPSS 0.2%CVE-2018-11275In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when flashing image using FastboEPSS 0.2%CVE-2018-5889While processing a compressed kernel image, a buffer overflow can occur in Android releases from CAF using the linux kernel (Android for MSMEPSS 0.2%CVE-2018-11274In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, buffer overflow may occur when pEPSS 0.2%CVE-2018-5858In the audio debugfs in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before securEPSS 0.2%CVE-2019-2341Buffer overflow when the audio buffer size provided by user is larger than the maximum allowable audio buffer size. in Snapdragon Auto, SnapEPSS 0.2%CVE-2019-2236Null pointer dereference during secure application termination using specific application ids. in Snapdragon Auto, Snapdragon Compute, SnapdEPSS 0.2%